webpa-landing-dzenai.com/
144.126.226.199 301 Moved Permanently 0 B URL HTTP/1.1 webpa-landing-dzenai.com/
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
fortinet Phishing
GET / HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://webpa-landing-dzenai.com/
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8030
Expires: Fri, 24 Mar 2023 16:24:30 GMT
Date: Fri, 24 Mar 2023 14:10:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 65fc860bc043f3fb83bdc3debdcd322d
418010755deae099ef1284e402813c5837a10f42
d93d50c523c7f735987aba09db628259441eb75efe713a2df3c214e1fb8b5171
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D93D50C523C7F735987ABA09DB628259441EB75EFE713A2DF3C214E1FB8B5171"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9787
Expires: Fri, 24 Mar 2023 16:53:47 GMT
Date: Fri, 24 Mar 2023 14:10:40 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 24 Mar 2023 13:15:15 GMT
content-type: application/json
age: 3325
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 51a5d4696a6090c295850554508b51ce
c44e143c2223546e64b19f543b8101aaf3b11e97
8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9053
Expires: Fri, 24 Mar 2023 16:41:33 GMT
Date: Fri, 24 Mar 2023 14:10:40 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: JlcAtQaV8RntfwOSopPYpDM3Nhp6JFwbg3dwIb5ikhA0Ch9n7/rBUsfWeQgLxI8awQaIqlBH26hldKtvQrVXDw==
x-amz-request-id: RX69Y5KQER8CSY8X
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 24 Mar 2023 13:54:31 GMT
age: 969
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e03f8ffea8c4614a790bd936abe647d6
c38ff1e43c57d52843d920118b1cd977c6f2910e
4aa73c280ea84a3e2ce6a0f9cfbcf31de217c136c185c221895915e351dacab1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AA73C280EA84A3E2CE6A0F9CFBCF31DE217C136C185C221895915E351DACAB1"
Last-Modified: Thu, 23 Mar 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17734
Expires: Fri, 24 Mar 2023 19:06:14 GMT
Date: Fri, 24 Mar 2023 14:10:40 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 14:10:40 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
webpa-landing-dzenai.com/
144.126.226.199 200 OK 1.1 kB URL HTTP/1.1 webpa-landing-dzenai.com/
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; HTML document, ASCII text
Hash d3cd0aa0456d89474b8a47b0f7f98f20
60d18fcec8ffec81d4188fd7cead7403ce680901
09a0d22997f302f70e87c47b042324bb4bfa38dcc60f62343c75a4e7b9a57078
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
content-type: text/html
date: Fri, 24 Mar 2023 14:10:40 GMT
content-length: 1141
connection: close
webpa-landing-dzenai.com/assets/index.dfb73e73.js
144.126.226.199 200 OK 2.4 kB URL HTTP/1.1 webpa-landing-dzenai.com/assets/index.dfb73e73.js
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (1916)
Hash 8206bd53a52ad33bce984b779d305c01
9dbde6f2cc816ce25273db896182994f9827da33
701167caa1b9a2fb82d6d9c1c8731d655da867b665ab78d21ccbfcba32e59ea4
Analyzer Verdict Alert fortinet Phishing
GET /assets/index.dfb73e73.js HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: text/javascript
date: Fri, 24 Mar 2023 14:10:40 GMT
content-length: 2376
connection: close
webpa-landing-dzenai.com/assets/index.e0d7e66f.css
144.126.226.199 200 OK 220 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/index.e0d7e66f.css
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
Hash cff49c8ce3195120d864d260b667f25b
5595617638e5f5fdf7005ea98c95e2bcdbc44cd9
62e0d0830b18b89d5d280d5b100b41fbc061ca542fc55f92be493ac82dde4276
GET /assets/index.e0d7e66f.css HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: text/css
date: Fri, 24 Mar 2023 14:10:40 GMT
content-length: 220
connection: close
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d6155393df5b0c6758c8e69cac435f3a
4c8d447049e9990286693b550139381e80eb2776
7be9766948f9b5e3555316c6855bab06d8825092c1b83f0af4239ab199658364
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7BE9766948F9B5E3555316C6855BAB06D8825092C1B83F0AF4239AB199658364"
Last-Modified: Thu, 23 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19771
Expires: Fri, 24 Mar 2023 19:40:11 GMT
Date: Fri, 24 Mar 2023 14:10:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6551d93c410c2582869c6d32d84c68b8
e367b9ef93a13cf5caf4f4a35f79e09d965a743c
6f4635284fc9f25f4bc3d5201daea83787b4ba3dea1bf2b9f07a494d2b2c2d88
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6F4635284FC9F25F4BC3D5201DAEA83787B4BA3DEA1BF2B9F07A494D2B2C2D88"
Last-Modified: Wed, 22 Mar 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17647
Expires: Fri, 24 Mar 2023 19:04:47 GMT
Date: Fri, 24 Mar 2023 14:10:40 GMT
Connection: keep-alive
cdn.neuro.net/libs/web-rtc-plugin/polyfills-es2015.js
84.201.165.170 200 OK 7.1 kB URL HTTP/1.1 cdn.neuro.net/libs/web-rtc-plugin/polyfills-es2015.js
IP 84.201.165.170:0
ASN #200350 Yandex.Cloud LLC
File type ASCII text, with very long lines (23175), with no line terminators
Hash 07fd923b31801d558fa29625eb2b92eb
ef1a1f53e5cbc99edb4322aa74ca4b1068599bea
a565376b60eb55f843c2d01d005b86052c97c9b61fbe894720ac6f70c0237094
GET /libs/web-rtc-plugin/polyfills-es2015.js HTTP/1.1
Host: cdn.neuro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx/1.10.3
date: Fri, 24 Mar 2023 14:10:40 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 20 Dec 2022 10:02:12 GMT
transfer-encoding: chunked
vary: Accept-Encoding
etag: W/"63a18824-5a87"
cache-control: max-age=31449600
access-control-allow-headers: *
access-control-allow-origin: *
content-encoding: gzip
connection: close
cdn.neuro.net/libs/web-rtc-plugin/main-es2015.js
84.201.165.170 200 OK 52 kB URL HTTP/1.1 cdn.neuro.net/libs/web-rtc-plugin/main-es2015.js
IP 84.201.165.170:0
ASN #200350 Yandex.Cloud LLC
File type ASCII text, with very long lines (65536), with no line terminators
Hash b30940fba4163332ee3f8f5794efcfcd
71201f668dd93b87e08ba0cb80dd02e7be557dec
b331e5d02e25543b3b8286ff31de0dece6498cbb94c4103e7fc06628b31727e5
GET /libs/web-rtc-plugin/main-es2015.js HTTP/1.1
Host: cdn.neuro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx/1.10.3
date: Fri, 24 Mar 2023 14:10:40 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 20 Dec 2022 10:02:24 GMT
transfer-encoding: chunked
vary: Accept-Encoding
etag: W/"63a18830-28ecc"
cache-control: max-age=31449600
access-control-allow-headers: *
access-control-allow-origin: *
content-encoding: gzip
connection: close
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 82d686b49755d3216b992ab2fe1d6bbd
e1a28304e84d7253773e2f6c7274ae39d959a3bb
2a25d2bce9cec67905d66240440733c01cb49476db70993d0658e4d9b2836bb9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A25D2BCE9CEC67905D66240440733C01CB49476DB70993D0658E4D9B2836BB9"
Last-Modified: Thu, 23 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 24 Mar 2023 20:10:41 GMT
Date: Fri, 24 Mar 2023 14:10:41 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Last-Modified, Content-Length, Pragma, Expires, ETag, Backoff, Alert, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 24 Mar 2023 13:14:33 GMT
age: 3368
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.neuro.net/libs/web-rtc-plugin/scripts.js
84.201.165.170 200 OK 50 kB URL HTTP/1.1 cdn.neuro.net/libs/web-rtc-plugin/scripts.js
IP 84.201.165.170:0
ASN #200350 Yandex.Cloud LLC
File type ASCII text, with very long lines (58726)
Hash 84f2bb474255bafbb1338295a417356d
abc5021a9aa955a4f0c3c6d391339e93d5b1b046
b864b5d1852a5e6db031767dba70e2076570b590cd84929d0f3718fc975530b1
GET /libs/web-rtc-plugin/scripts.js HTTP/1.1
Host: cdn.neuro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx/1.10.3
date: Fri, 24 Mar 2023 14:10:41 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 20 Dec 2022 10:02:11 GMT
transfer-encoding: chunked
vary: Accept-Encoding
etag: W/"63a18823-2d3ec"
cache-control: max-age=31449600
access-control-allow-headers: *
access-control-allow-origin: *
content-encoding: gzip
connection: close
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 050ca4dc2182e0a27573b0d9f32b7834
bec14dc5af0d0b32210470673511acd8db404308
b6129b9d1848f75265dca4446c5399927bdaf15c7b49c083765847b0fe276eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6129B9D1848F75265DCA4446C5399927BDAF15C7B49C083765847B0FE276EAF"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17002
Expires: Fri, 24 Mar 2023 18:54:03 GMT
Date: Fri, 24 Mar 2023 14:10:41 GMT
Connection: keep-alive
webpa-landing-dzenai.com/assets/default.call-to-agent.5acac147.js
144.126.226.199 200 OK 995 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/default.call-to-agent.5acac147.js
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (994)
Hash ae9ddc5ac121a62f722fbd86a1934328
6e0078ef208fa1c6b3deb7354e25b983255fcac3
a32b9127c2196e64f37da5ce930b97a83dfd2bf6dd64ffe912205adfc749cc65
Analyzer Verdict Alert fortinet Phishing
GET /assets/default.call-to-agent.5acac147.js HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/assets/index.dfb73e73.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: text/javascript
date: Fri, 24 Mar 2023 14:10:41 GMT
content-length: 995
connection: close
webpa-landing-dzenai.com/assets/ball.302c37db.png
144.126.226.199 200 OK 57 kB URL HTTP/1.1 webpa-landing-dzenai.com/assets/ball.302c37db.png
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced; data
Hash 25b6f16350966388a98ed851df7ab678
61866ed54ee4db83138ec68df7980dbdf285bfa8
302c37db07b38c2a2cc82912e010a26847fd6640e656f69a9d5dece2ebc73df6
GET /assets/ball.302c37db.png HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: image/png
date: Fri, 24 Mar 2023 14:10:41 GMT
content-length: 56600
connection: close
push.services.mozilla.com/
35.161.44.144 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.44.144:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: JeBJmQL+eyiYDJAcz49bhg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1mxw/lUcsUKiu5iR3FtbgVuzkKM=
webpa-landing-dzenai.com/assets/ball.af86c30d.gif
144.126.226.199 200 OK 4.9 MB URL HTTP/1.1 webpa-landing-dzenai.com/assets/ball.af86c30d.gif
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 400 x 400; data
Size 4.9 MB (4873631 bytes)
Hash e00db764e8a7261651ee7e3da5c188e9
c4aae00f02cff42807a0d34dc153974ec56be57b
af86c30d5d0a1ce62ef97d746c1b0d2940c5b1bb9d29053af612208ef8be5410
GET /assets/ball.af86c30d.gif HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: text/plain
date: Fri, 24 Mar 2023 14:10:41 GMT
content-length: 4873631
connection: close
webpa-landing-dzenai.com/biz/?proxy=1
144.126.226.199 200 OK 16 kB URL HTTP/1.1 webpa-landing-dzenai.com/biz/?proxy=1
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (1187), with CRLF line terminators
Hash 1b155f0b46739826efbf2d954117d4d8
6cbaefc86c1e5b520bbba3f01ab2cc76c040bb00
d881bff969892e35ea65ac05195743a4b44634641242691e428aba2133de7e02
GET /biz/?proxy=1 HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
expires: -1
cache-control: no-cache, no-store, max-age=0
x-xss-protection: 1; mode=block
pragma: no-cache
content-language: en-US
vary: Accept-Encoding
x-content-type-options: nosniff
x-akamai-transformed: 9 18674 0 pmb=mTOE,1
content-encoding: gzip
date: Fri, 24 Mar 2023 14:10:41 GMT
content-length: 15476
set-cookie: ADRUM_BTa=R:33|g:ac8473e7-b8d7-4809-a794-ea397c94bf1a; Expires=Fri, 24-Mar-2023 14:11:11 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:33|g:ac8473e7-b8d7-4809-a794-ea397c94bf1a|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 24-Mar-2023 14:11:11 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 24-Mar-2023 14:11:11 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:33|i:206936; Expires=Fri, 24-Mar-2023 14:11:11 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=9D60DB094730265597241310886AEA68; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 23-Mar-2024 14:10:41 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; SameSite=Lax; HttpOnly
wfacookie=11202303240710411293110133; domain=.wellsfargo.com; path=/; expires=21 Mar 2033 14:10:41 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!z2MtF75BOF5POHjz2xKqB3cO2dndHgQVykyorhuyv5qA1LCZv2Mi0DRbOe2klDHf5sFdTWLaLFZ9cbQ=; path=/; Httponly; Secure
WesdAksn=A7UU9ROHAQAAgBPt_Bl0AhWkPdTTfHbsGlu7_vgKqH_rrWjMesWSZkQiYj1AAZB-4secuDv8wH8AAEB3AAAAAA|1|0|dbc0723ffa04b0e5eda1ef3afa3d00ca1b8f0a42; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=JRwj0GmCj4neqcHfpR2bCNHEZ8kj0dGigBAzq39wIKszM4PZVFBnLMwPq9dvDTsV; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:41 GMT;Httponly; Secure
_abck=48FEED6495960D81A1B89227A3B6F839~-1~YAAQn0ISAhh74w2HAQAA3RX1EwmhWqqNpP6v0YlFZEUDSekP0vxTbW8Zi2sNZ3cMXfA71smGMvUq7D/eGGZ5pW/VXBrWg9mhq55KImCxZSbzairvQoQjzfhFlruO8OrSTWIvVYC+NHy4/q+GIPkDYil6NGFhF9HpKv1QRi2qILHab73bY6a3Xj3IDYh9wAOg1rJdeA77XUsfQ9OecLE7IjAPw0G+OEwGiG/udDciJlkP9tARhRK5bjAFHuaVKI10BnIlVnLhHu3pk9LmZHP8l54tHfQZJZpjI3AUm/PPFy9gEbnSusGbbuobXAwm8qLMMpBR+3Rs7MF8J3k0KTM3WZivkNDiNkqv7xfDD5ZaiFAksHPEwy/DO77DvYlKtGbpSQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 23 Mar 2024 14:10:41 GMT; Max-Age=31536000; Secure
bm_sz=96F539C3D3C84F1F211805223AE90D9D~YAAQn0ISAhl74w2HAQAA3RX1ExPeqfVI8u/LburZfZuDrhlJeENTUyx7zM79E5Y6rzFjWhOO6F9ei5I0Na5PVECJatmbTdiThxTPL4s46qPe9AhAAD9bpow5oOwUdHSZvva9ef9Eh5Qtmh2pHdYcIfYpw2mXjbsPfe0NjLIKuFHe0WAuClz3WytwJPsK8hCypNQYTeD4Fd9+eyu8fzyo5i1bHufxBk6MEP1h3MjLAvMLvnMWqG1NdnuHs9rz6YP7pd8LR9s9QtVbT7aMOKMaaMhJnmEvycyq6zBDJ27crwP9fP+pMchx~4538948~4404033; Domain=.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 18:10:41 GMT; Max-Age=14400
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
webpa-landing-dzenai.com/assets/icons
144.126.226.199 404 Not Found 3.1 kB URL HTTP/1.1 webpa-landing-dzenai.com/assets/icons
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (651), with CRLF, LF line terminators
Hash 078ae77a45ea9518e95bd5586b8afeeb
8c7141590ea980e9f550e5bfdce96627f43ef5f6
a60994da81e96e23c0e8217c4006652bea9c2ba92e337f8a1d7e70f2ce27f0de
Analyzer Verdict Alert fortinet Phishing
GET /assets/icons HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
content-type: text/html;charset=UTF-8
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
pragma: no-cache
cache-control: no-cache, no-store, max-age=0
expires: -1
content-encoding: gzip
content-length: 3076
date: Fri, 24 Mar 2023 14:10:41 GMT
set-cookie: ADRUM_BTa=R:33|g:166a9b27-52cb-4018-9904-c7ed7e930332; Expires=Fri, 24-Mar-2023 14:11:11 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:33|g:166a9b27-52cb-4018-9904-c7ed7e930332|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 24-Mar-2023 14:11:11 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 24-Mar-2023 14:11:11 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:33|i:206915; Expires=Fri, 24-Mar-2023 14:11:11 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:33|i:206915|e:5; Expires=Fri, 24-Mar-2023 14:11:11 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=BE72F999D8DC2443AA8203ED3EBEBAB3; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 23-Mar-2024 14:10:41 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202303240710411575856444; domain=.wellsfargo.com; path=/; expires=21 Mar 2033 14:10:41 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; path=/; Httponly; Secure
DCID=+nPNy4mazDrDHr%2fZjA8ziTDvUEK8uuw7XsDEu59ya54%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:41 GMT;Httponly; Secure
_abck=8C3C8A60D206FB75EDB3F25EA3CA9254~-1~YAAQn0ISAid74w2HAQAArxb1Ewk69lMHzCCgCVFGSYC/80vV1rHiJBSeiTqHESVl/w8H7Zy4vFBVIaZGABFp8ESzh88WCVLyGRoMj0UpLybq5Jq3RyzDwys0qlNvIWoNcFiSvHhjyiwNBwOQ93yKiRZazXd302DLg7ubZG6kmcxMq0SvDufofOYmc+vkOP9bdEkWU42WOYN/MAfcM2iUdvlSLEBxCBlcR92dKsdxdGMGW2Dgur/PE2ZjODZwXqJQQ5TvC7NSavE663szunE18v8shjROse2E9z2y7Jcf3XNZB4JCo2cKZSy+xIVjpEAuDS7FvBUZ3oi3DxXEJRxAcvVrrHzGQWMAsIh5MBCGtbt8yTc78uxhAcpGuGQYlAdOXw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 23 Mar 2024 14:10:41 GMT; Max-Age=31536000; Secure
bm_sz=2E7ABB9096E6422688DBE492522329A2~YAAQn0ISAih74w2HAQAArxb1ExMLMhcOafTNbPpzSB8TRFCxu21SLVShFWXQt/aTOKsgP/oXi7DKqkmNUnv/xgG6Hcad85Vvihfk/vqn52oZEu2EQBeKHtrRR6QDUlJV0g08hEIy0daUaYebCBtkYIJBDJtg76OX31y40M46uZhrBI62d4e38QhI+Sg7bryNbu9yV0RgAyAqFIsvrE0GJKHMch3x+fVe2TRmyxyw7I1KJDtWOtOGQ42tVWHQBIjeTTKLclj1rUbML6cxKsuy3UOVw7nrdV39HjvSkotM9KV0lEg4i8su~4538948~4404033; Domain=.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 18:10:41 GMT; Max-Age=14400
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 9659cae81d193ae22211beedfd4f8d5a
7cf76f23cbc6b9bccc8623834bdc150e18c67bbb
6e74e7101f830de3cc4951f21e6d2356a10952892695a719d827d9718f495e7c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1819
Cache-Control: max-age=147426
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 14:10:42 GMT
Etag: "641d4529-1d7"
Expires: Sun, 26 Mar 2023 07:07:48 GMT
Last-Modified: Fri, 24 Mar 2023 06:37:29 GMT
Server: ECAcc (ska/F776)
X-Cache: HIT
Content-Length: 471
webpa-landing-dzenai.com/ui/javascript/homepage-ui/homepage_iaoffer.js
144.126.226.199 200 OK 19 kB URL HTTP/1.1 webpa-landing-dzenai.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 text, with very long lines (33131), with NEL line terminators
Hash 3f9cbf08987857328ddeecd5c0841c98
6529bc4031ffe8c23feef79dcead7d3790c52b02
b6b40f8adb3910e658c5f61de4b636c0dbefafc4ce761e3544a9b38fb41cc7aa
Analyzer Verdict Alert fortinet Phishing
GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Cookie: ADRUM_BTa=R:33|g:ac8473e7-b8d7-4809-a794-ea397c94bf1a|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:33|i:206936; ISD_WCM_COOKIE=!z2MtF75BOF5POHjz2xKqB3cO2dndHgQVykyorhuyv5qA1LCZv2Mi0DRbOe2klDHf5sFdTWLaLFZ9cbQ=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
expires: Thu, 09 Mar 2023 08:57:33 GMT
last-modified: Fri, 24 Feb 2023 23:19:38 GMT
etag: W/"63f9460a-e71d"
cache-control: max-age=1800
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
content-length: 19118
date: Fri, 24 Mar 2023 14:10:42 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
set-cookie: DCID=GrN4CXUQYd8bivZg1Yd40g%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
access-control-allow-origin: *
connection: close
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
23.36.79.27 200 OK 901 B URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP 23.36.79.27:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1952), with no line terminators
Hash 5dcc7c101ced74367609685d577093f6
f0d8214335e3c33b634048b992afd536f5bd3e43
10aab16ccfb5374425dc6ee64453a7fe6d7b6dfa47ab65779f42c7db740da1ef
GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Fri, 24 Mar 2023 14:10:42 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=ZLXkRZIuplyC8HNrfg65kA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
23.36.79.27 200 OK 16 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP 23.36.79.27:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (45298)
Hash c5c30c6f4bfffa360cea9e4596911099
74fd08d2536e249015a63df76527663937211369
29279bc4b9c6fae6f797bec6ab1cbef61b08cfe23b27741175f546c1eaa8c9a5
GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 07 Mar 2023 21:05:06 GMT
Vary: Accept-Encoding
ETag: W/"6407a702-b125"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15731
Date: Fri, 24 Mar 2023 14:10:42 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=BBHtf1aV0Ud9lZRyfyyOZg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
webpa-landing-dzenai.com/ui/css/publicsite-ui/ps-global.css
144.126.226.199 200 OK 26 kB URL HTTP/1.1 webpa-landing-dzenai.com/ui/css/publicsite-ui/ps-global.css
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65536), with no line terminators
Hash 9bce7055a04948a06581491ab3d0b72c
287cdb7a09225ef1b77bf4f4a18cce13305e88aa
dc7d633a9165b360e3006a668276222a1ba7e5bf3b909a89d0b55d4aa4714252
GET /ui/css/publicsite-ui/ps-global.css HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Cookie: ADRUM_BTa=R:33|g:ac8473e7-b8d7-4809-a794-ea397c94bf1a|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:33|i:206936; ISD_WCM_COOKIE=!z2MtF75BOF5POHjz2xKqB3cO2dndHgQVykyorhuyv5qA1LCZv2Mi0DRbOe2klDHf5sFdTWLaLFZ9cbQ=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
expires: Thu, 09 Mar 2023 12:06:06 GMT
last-modified: Fri, 24 Feb 2023 23:19:46 GMT
etag: "63f94612-32d85"
cache-control: max-age=1800
content-type: text/css
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
content-length: 26355
date: Fri, 24 Mar 2023 14:10:42 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
set-cookie: DCID=yq5TitETmxEvlkGf8HAzsA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
access-control-allow-origin: *
connection: close
webpa-landing-dzenai.com/ui/javascript/publicsite-ui/ps-global.js
144.126.226.199 200 OK 54 kB URL HTTP/1.1 webpa-landing-dzenai.com/ui/javascript/publicsite-ui/ps-global.js
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 text, with very long lines (65441)
Hash fd5ce668a550a53a843ad5cbc7edaf9c
745d04f5bd98ef9c8f8ff8ac6c0f7b4866c8ccad
f36c57f9c9ee08729e100cd21555a97b783b746ec787bdfaf0e8580da9936f78
Analyzer Verdict Alert fortinet Phishing
GET /ui/javascript/publicsite-ui/ps-global.js HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Cookie: ADRUM_BTa=R:33|g:ac8473e7-b8d7-4809-a794-ea397c94bf1a|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:33|i:206936; ISD_WCM_COOKIE=!z2MtF75BOF5POHjz2xKqB3cO2dndHgQVykyorhuyv5qA1LCZv2Mi0DRbOe2klDHf5sFdTWLaLFZ9cbQ=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
expires: Sun, 19 Mar 2023 09:24:54 GMT
last-modified: Fri, 24 Feb 2023 23:19:46 GMT
etag: "63f94612-2b72f"
cache-control: max-age=1800
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
content-length: 53985
date: Fri, 24 Mar 2023 14:10:42 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
set-cookie: DCID=1S0dExavbFzCAJoLXLb%2fcg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
access-control-allow-origin: *
connection: close
webpa-landing-dzenai.com/J4o5pxGr/zXO/Ft-/IxG4kKKO0h/pYm5fDVXaV/GiAcSikD/IRg/KCDJKMzw
144.126.226.199 200 OK 74 kB URL HTTP/1.1 webpa-landing-dzenai.com/J4o5pxGr/zXO/Ft-/IxG4kKKO0h/pYm5fDVXaV/GiAcSikD/IRg/KCDJKMzw
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
Hash 81148c08e032dbeca04072747c5c4905
6efccfdbf11d2bd7e60f05ae5498b48b2c079692
c206f688e25718a95b617a5c1ad2549bb237c1cb6cc7dced8df0052b8533e3f8
Analyzer Verdict Alert fortinet Phishing
GET /J4o5pxGr/zXO/Ft-/IxG4kKKO0h/pYm5fDVXaV/GiAcSikD/IRg/KCDJKMzw HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Cookie: ADRUM_BTa=R:33|g:ac8473e7-b8d7-4809-a794-ea397c94bf1a|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:33|i:206936; ISD_WCM_COOKIE=!z2MtF75BOF5POHjz2xKqB3cO2dndHgQVykyorhuyv5qA1LCZv2Mi0DRbOe2klDHf5sFdTWLaLFZ9cbQ=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
stored-attribute-sha-checksum: f83f52a3ef01a4360a0e01885cd652ba71d4fd946ffa69f745cc1afcfe428d60
last-modified: Wed, 01 Mar 2023 16:38:10 GMT
etag: "25d60855d8ebee1f1b5f138f7ed5003d81ad4b67f05e591c270a2ce360c66069"
content-type: application/javascript
vary: Accept-Encoding
content-encoding: br
content-length: 73992
date: Fri, 24 Mar 2023 14:10:42 GMT
cache-control: max-age=21600
strict-transport-security: max-age=31536000 ; includeSubDomains
set-cookie: DCID=+UgeXmVsUb3vl2XLa+5UJQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=9928B8B625F56B181F1F02C9CACEF6C7~-1~YAAQn0ISAi574w2HAQAA4hb1Ewk30qebOdNyAcL8xEGboSuQusQQHhj+Ng1rBbU1ZIPQlb3/o1a9MjR/bml+CTpGrGKCBJcrYhl4Ha6FfBxfbcr1mSfI4vtd70bv07s5NwzWZMxJNcP9J1nIBeJ1QTi1aoUaVdyZqxoL4A0H77X2hGnNGjqqiaGk41iEz19VWnI8Xjy6CJi4/j1nporG7OOUnAEBzyU/tY/edE0Twf6r9nIPY4eM6e2LwPvO9OSYaRrd/JTtxJiXemU18MzyM76y6hXfdTtepdQWTl0sX6uJ9Eoerva+kJmvrTZJG3Qk0B+2yKAhNb3sWUtxcOykkTM6EJVpHyVD8ZnIIpLeGk7N75Fl0okZmap8Vf1oIyODZA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 23 Mar 2024 14:10:42 GMT; Max-Age=31536000; Secure
bm_sz=A3234D909B70757449630FBB50A1F66E~YAAQn0ISAi974w2HAQAA4hb1ExMISXTZYy8Jdsp6Ci6tXiB5G9AbaxIXondI9Yy0UZF6jmmzeL00BUUXIkGGB+zQZ3ovsP0ZmJQl2v9Ddz0pogSo82XWfppezGjganplyTd9E0KNCtOdtqJ7zHlqx4Xud8qv90jsd4rfsqc2ZfMZvLujVVK89NS+WH0vpbgrqnRREUkRwgUGmRaiDRvpFuMOSA07YOE22vmTVj9L6tVBdmWyvN0gU+ILquqgtmBHxqUyK6o78vY2RRVUmgadUieQFcqnPmzL33FhY2kOY+cn3hVTLKg/~4342068~3488049; Domain=.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 18:10:42 GMT; Max-Age=14400
access-control-allow-origin: *
connection: close
webpa-landing-dzenai.com/auth/login/static/js/general_alt.js?single
144.126.226.199 200 OK 4.3 kB URL HTTP/1.1 webpa-landing-dzenai.com/auth/login/static/js/general_alt.js?single
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (9269)
Hash d58e2e0ea4d05f784bf8ae7d2b7a96d8
3b33da1b314a65d647747926e734c327393221ab
953c80fb4dde4c8eb3c9c45ad94c7afe06e8b973906985ede331fd1ebcccb44e
Analyzer Verdict Alert fortinet Phishing
GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Cookie: ADRUM_BTa=R:33|g:ac8473e7-b8d7-4809-a794-ea397c94bf1a|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:33|i:206936; ISD_WCM_COOKIE=!z2MtF75BOF5POHjz2xKqB3cO2dndHgQVykyorhuyv5qA1LCZv2Mi0DRbOe2klDHf5sFdTWLaLFZ9cbQ=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: application/javascript; charset=UTF-8
content-encoding: gzip
content-length: 4282
vary: Accept-Encoding
expires: Fri, 24 Mar 2023 14:10:42 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 24 Mar 2023 14:10:42 GMT
set-cookie: WesdAksn=AwgX9ROHAQAAib3uik1_97u_mMktsJ5Oz4PM-Hb2CrMwD6xjdBKjNvdE0xfBAZB-4secuDv8wH8AAEB3AAAAAA|1|0|603ec5ba447cac9dd40bd6e286c79371953d906c; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=4zf+V5oHw0odOlTFK6R5p+vx5p+7bkpclX8p5ikjFhM%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:42 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
static.wellsfargo.com/assets/js/wfui/container/wfui-container-top.js
23.36.79.27 200 OK 22 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/container/wfui-container-top.js
IP 23.36.79.27:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (62498)
Hash 72f517ad4d628e341b6508d8803023fc
04eeec53953df7a797045396bc3ec0b729196786
51ea24364c63ce967dc48245c353d37ff158afcac947a33871367761d8e67366
GET /assets/js/wfui/container/wfui-container-top.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 08 Mar 2023 21:10:13 GMT
Vary: Accept-Encoding
ETag: W/"6408f9b5-f472"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 21883
Date: Fri, 24 Mar 2023 14:10:42 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=sPQzK6CQKrOaSTFbIFeLXg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
104.110.27.78 200 OK 1.7 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image
Hash c5f6eb132665afa77e8ac7a1a707e951
70d65ab0dcfaace4c1d8bbb772af4fd7c6f66c80
0d7727e08780a04f9c86fca16ed264664eea2b161744cfb70836880bf04fc1ac
GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61bcfcce-10c2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1710
content-type: image/webp
cache-control: private, no-transform, max-age=1440828
expires: Mon, 10 Apr 2023 06:24:30 GMT
date: Fri, 24 Mar 2023 14:10:42 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_gettyimages-691573493_1700x700.jpg
104.110.27.78 200 OK 25 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_gettyimages-691573493_1700x700.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 73d5e0b0076f087b0878d8d90308b115
6af270bc7003c54dcff68b2b283c43799bc85abc
490dbbb001e913bcb03b5b1099174db6ff6ff1fe8396f2ab44e63c29899f1168
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_gettyimages-691573493_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61fc441a-17f0e"
last-modified: Thu, 14 Jul 2022 02:03:05 GMT
server: Akamai Image Manager
content-length: 24624
content-type: image/webp
cache-control: private, no-transform, max-age=1620275
expires: Wed, 12 Apr 2023 08:15:17 GMT
date: Fri, 24 Mar 2023 14:10:42 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
104.110.27.78 200 OK 49 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP 104.110.27.78:0
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=12493631
expires: Wed, 16 Aug 2023 04:37:53 GMT
date: Fri, 24 Mar 2023 14:10:42 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
104.110.27.78 200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=6034300
expires: Fri, 02 Jun 2023 10:22:22 GMT
date: Fri, 24 Mar 2023 14:10:42 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
104.110.27.78 200 OK 23 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=6034304
expires: Fri, 02 Jun 2023 10:22:26 GMT
date: Fri, 24 Mar 2023 14:10:42 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
104.110.27.78 200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5877477
expires: Wed, 31 May 2023 14:48:39 GMT
date: Fri, 24 Mar 2023 14:10:42 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
104.110.27.78 200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=6034289
expires: Fri, 02 Jun 2023 10:22:11 GMT
date: Fri, 24 Mar 2023 14:10:42 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
webpa-landing-dzenai.com/_bm/get_params?type=get-akid
144.126.226.199 200 OK 42 B URL HTTP/1.1 webpa-landing-dzenai.com/_bm/get_params?type=get-akid
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data, ASCII text, with no line terminators
Hash cfacba0a04ffdc4f81884aec72a2933e
3057877d7266eeae39163471d735f64cfdd4b043
810fcdc2c1cf3f789b1d622223a882e5ba0f48b36c02329ac81a952455325029
Analyzer Verdict Alert fortinet Phishing
GET /_bm/get_params?type=get-akid HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Cookie: ADRUM_BTa=R:33|g:166a9b27-52cb-4018-9904-c7ed7e930332|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:33|i:206915|e:5; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-length: 42
date: Fri, 24 Mar 2023 14:10:42 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
set-cookie: DCID=mWF62XSjsDhSnpnt%2fhwumA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=65AF3283ED876551ADE65B12BAEC994C~-1~YAAQn0ISAkN74w2HAQAAnxj1EwlwSD45KiA7/lcx1Ml74xRVjI0YJbVQPbRcC1HRlQLbPsFFtr1WoppgkL53UuA/iKcA/uaKIjbHlMR2Z5yUW5Xd4aBR+COXkHI6EUDkw5qz91dN4uQX8udiv1y9vPGQ9qReOFZx6o+sRh0/v35bMIgAGOv6glRILGAWac8S+mk2/YzSgs/odVM7A+4ZOrrIzbQ8tEqzpbP9enKWTX1U51GIGVL7ASXZWpkXVLQU1h1WMcJcXv+ZALiRDWKXDUI7yHLOfDx4PEHGqqSnsvvng8bhHMwGyJWFLRdN1Z3czDHDN/6q0vz46FO4LPsHkmEbTccLDSpPww/Pjizu8PeQa7bM2HnaZ0ZdJQCXY7f08g==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 23 Mar 2024 14:10:42 GMT; Max-Age=31536000; Secure
bm_sz=127990445C52E7A4E5B861D61AF7C924~YAAQn0ISAkR74w2HAQAAnxj1ExPMTTtYgSTIA9bSgHP7wNgC9UVvFzFqpsF2ElrSje3v7/J2qQX2yKypR+tN+i+JqfarLqLwnavt/oM88IMGCxqwMdQnb5e+orwIpRegHMbB9pBvXodc8pe1+GQ1G+qJY4jCsCj8fMdtfv0B3T+W5j/VhbBLEZeYi7EZt0CQEBcdHjITIqZkKtVZSrS8rB2d7qXM3IkTlLh+X60XumwcOAEST8gE4WvGiV6xFNFo68w8/+/VmC/v3MjGIvIDzIXoNsINJjV6/tokaTfH1EwZGDbUFxNV~4342068~3488049; Domain=.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 18:10:42 GMT; Max-Age=14400
content-type: application/json
access-control-allow-origin: *
connection: close
webpa-landing-dzenai.com/as/target/offers/conversations
144.126.226.199 200 OK 660 B URL HTTP/1.1 webpa-landing-dzenai.com/as/target/offers/conversations
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data, ASCII text, with very long lines (1269), with no line terminators
Hash eddd800fe706806e131e873e36b03e26
1d50686f551bb6e445e6173664b5a657de2de661
279560f7692cd7497812036cba2a7fb454111f3d6a92a4851bedefc3f0be6740
Analyzer Verdict Alert fortinet Phishing
POST /as/target/offers/conversations HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 100
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Cookie: ADRUM_BTa=R:33|g:166a9b27-52cb-4018-9904-c7ed7e930332|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:33|i:206915|e:5; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: application/json;charset=UTF-8
pragma: no-cache
cache-control: no-cache, no-store, max-age=0
expires: -1
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 24 Mar 2023 14:10:42 GMT
content-length: 660
set-cookie: ADRUM_BTa=R:33|g:166a9b27-52cb-4018-9904-c7ed7e930332|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:33|i:206915|e:5; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d; Expires=Fri, 24-Mar-2023 14:11:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 24-Mar-2023 14:11:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 24-Mar-2023 14:11:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:45|i:206917; Expires=Fri, 24-Mar-2023 14:11:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:45|i:206917|e:22; Expires=Fri, 24-Mar-2023 14:11:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=768D7A81399EF14B0B6DD7D2B9C35600; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 23-Mar-2024 14:10:42 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202303240710421139307907; domain=.wellsfargo.com; path=/; expires=21 Mar 2033 14:10:42 GMT; secure=true; SameSite=Lax; HttpOnly
DCID=yuBZRHGYiQcpae8IpJSX68p%2f5t6V5iC69CHhBSRzEqY%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:42 GMT;Httponly; Secure
_abck=0F39A95BEACE1B13C442077F35968498~-1~YAAQn0ISAkV74w2HAQAAqxj1EwlRZ0yEAYbYYE6492AIInWOi47wtNPDnXUfNhQ2VoTuQjZo6Tcu5xWskdxpyXev1VStWbqwqyRpYjiJkJt3CuZEfZpJmEit5HubqtLQ0sGYFPk1CqHXjT3ziykdDV/zZt+y2zGEeurtvpDYSgzfQTMMsm0+g4rMEo4NPWQo3kyKfNM6rYzYN29Xlut2KwYk9NH4meI5mya4xR0lgwpNvDjVEEb0vKkrIu0ZvsRIufDtDxfT9sxpfIYTXWL+cyx3X36k0JbneDRFwMuWevyjtP3sjniDnXGMRQjPrDHRlyag6tT/RjfnOFey0f6bvQOhOEWHDlUMOhUMYAby/jz4OweQ7IVz2eNpNXomtzfvJw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 23 Mar 2024 14:10:42 GMT; Max-Age=31536000; Secure
bm_sz=2F305FA21319F27D245DE549E1A4C0FA~YAAQn0ISAkZ74w2HAQAAqxj1ExOG93usjN3QZNXUTpbsLRM5esYwltG8EIRuE+EKHZBTq3jwoACOk2E112rM3WjHPrnDoDb/GGZ43w7Y2d8s93yVHdjs7LrjdDFSxoV73QjhseuXWeS7YXK9Kf5X1Coce085T9jbZalf8W1KAwXyYwU1cTDtg1rqo+tV/vJjUdyCrk6n/LNJbtUjfakfykWUA8Flqxw1QqJRG20dH1xhbaKW2c91KwDVoahFbH82SnKRgCKHJZ0KphcBUt0icphhowrjAce0BJMxSACZHiyrWo2UFHae~4342068~3488049; Domain=.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 18:10:42 GMT; Max-Age=14400
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
static.wellsfargo.com/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js
23.36.79.27 200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js
IP 23.36.79.27:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (43411)
Hash 2071856c9449aac2fcb613d4c0e1c7e1
8988bca8cd8ea6bf8b70e3a44afccd14d36f76ba
428e3a0b9fc1e90cdc9b21b2dacf3d1b9b0b044e1d9ebb44614a699bcf42f2d3
GET /assets/js/wfui/ndep/websdk/nuance-websdk-loader.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 08 Feb 2023 04:05:49 GMT
Vary: Accept-Encoding
ETag: W/"63e31f9d-a9c5"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 13794
Date: Fri, 24 Mar 2023 14:10:42 GMT
Connection: keep-alive
Set-Cookie: DCID=R6Y0kSaEGW4T6aglQcnHq7vZ%2fWy3AJmKJxarp6eS+Lg%3d; Domain=static.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:42 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
webpa-landing-dzenai.com/J4o5pxGr/zXO/Ft-/IxG4kKKO0h/pYm5fDVXaV/GiAcSikD/IRg/KCDJKMzw
144.126.226.199 201 Created 18 B URL HTTP/1.1 webpa-landing-dzenai.com/J4o5pxGr/zXO/Ft-/IxG4kKKO0h/pYm5fDVXaV/GiAcSikD/IRg/KCDJKMzw
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
fortinet Phishing
POST /J4o5pxGr/zXO/Ft-/IxG4kKKO0h/pYm5fDVXaV/GiAcSikD/IRg/KCDJKMzw HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2032
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Cookie: ADRUM_BTa=R:33|g:166a9b27-52cb-4018-9904-c7ed7e930332|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:33|i:206915|e:5; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
content-length: 18
date: Fri, 24 Mar 2023 14:10:42 GMT
content-type: application/json
strict-transport-security: max-age=31536000 ; includeSubDomains
set-cookie: DCID=Mp6VHrg3bYzxQj5uq5ITSg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=Mp6VHrg3bYzxQj5uq5ITSg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=922ABD8F43304987D548A7EF517BAFA2~-1~YAAQn0ISAkl74w2HAQAA3Bj1EwkqMcaVrlcz98cQuuBpTJJ1+b9TMzzJVt7WiXQezWvuwV0SO8FuZ/Xro5zeaBPOu32Ft5SCnubAzj0zS0AtGjTpniIKldlwYgMtNpIalImVRLWEU/+eHSscM0/NLzHPiAA6JlVua82SZrGGrgBpjgG8Xu+LlIbkpMPK8KF7ehms3+VdcxptXsT2D4asUBKRG/VbASGEXiiQoQxj7XLuasJKqhnyRXmGEa0+npRvND7aj3B6LTtSX8iqKObdFcuO9l5nYAPg3VveMwHFeKneQ/poREeQgXIRWctVH1otoPdtBNduI/+jnZe3s0YdWJBgFf8GpTUksNiE8w2oXm8zlDnTMNRPvKHex9md6SXTBA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 23 Mar 2024 14:10:42 GMT; Max-Age=31536000; Secure
bm_sz=7C5363C838363FDE023E78736551A79A~YAAQn0ISAkp74w2HAQAA3Bj1ExMRPAssm3SOJiATqUVUCGbwvVgXtCAwF1gBoiTwNL2f9Us87a9tI0ehEVg5c0f8w22e05H2vYNihSJnEGm+EVx00MTZronP5D/7J3HAHBjITSRD0jlWvLkPq+2krP5sCS8yozUKPhz9S8PAwORDI3cTKMtY0eGFCspWwgSb2ATfKwOCgR0943IcAcPyyfHCoN/ZGtcuamT7Sgnbu/c1OnMs4r3Qw9F5/4kuCcEiRSUhpjV5Wgje8ugytllxxXupQZl7honLGa3Avz3GaoBxohsm9jw/~4342068~3488049; Domain=.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 18:10:42 GMT; Max-Age=14400
access-control-allow-origin: *
connection: close
webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&cb=1679667041558&event=PageLoad&pid=tcm:702-225258-64&ptid=tcm:702-223694-128&pageUrl=https%3A%2F%2Fwww.wellsfargo.com%2Fbiz%2F&clist=702-228795-16~91-2829-32|84-224686-16~91-2049-32|84-6793-16~91-223645-32|84-192509-16~91-223645-32|84-148263-16~91-223645-32|84-38072-16~91-223645-32|84-226264-16~91-223649-32|84-233306-16~91-223645-32|84-226382-16~91-223645-32|84-226516-16~91-223647-32|84-244189-16~91-236597-32|84-226480-16~91-226306-32|242-224785-16~91-223660-32|182-235016-16~91-223671-32|242-238621-16~91-228642-32|182-226262-16~91-223669-32|84-225008-16~91-223650-32|182-247102-16~91-244420-32|84-225025-16~91-223650-32|84-225026-16~91-223650-32|84-225027-16~91-223673-32|84-226514-16~91-223668-32|84-226635-16~91-223675-32
144.126.226.199 200 OK 43 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&cb=1679667041558&event=PageLoad&pid=tcm:702-225258-64&ptid=tcm:702-223694-128&pageUrl=https%3A%2F%2Fwww.wellsfargo.com%2Fbiz%2F&clist=702-228795-16~91-2829-32|84-224686-16~91-2049-32|84-6793-16~91-223645-32|84-192509-16~91-223645-32|84-148263-16~91-223645-32|84-38072-16~91-223645-32|84-226264-16~91-223649-32|84-233306-16~91-223645-32|84-226382-16~91-223645-32|84-226516-16~91-223647-32|84-244189-16~91-236597-32|84-226480-16~91-226306-32|242-224785-16~91-223660-32|182-235016-16~91-223671-32|242-238621-16~91-228642-32|182-226262-16~91-223669-32|84-225008-16~91-223650-32|182-247102-16~91-244420-32|84-225025-16~91-223650-32|84-225026-16~91-223650-32|84-225027-16~91-223673-32|84-226514-16~91-223668-32|84-226635-16~91-223675-32
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
GET /assets/images/global/s.gif?log=1&cb=1679667041558&event=PageLoad&pid=tcm:702-225258-64&ptid=tcm:702-223694-128&pageUrl=https%3A%2F%2Fwww.wellsfargo.com%2Fbiz%2F&clist=702-228795-16~91-2829-32|84-224686-16~91-2049-32|84-6793-16~91-223645-32|84-192509-16~91-223645-32|84-148263-16~91-223645-32|84-38072-16~91-223645-32|84-226264-16~91-223649-32|84-233306-16~91-223645-32|84-226382-16~91-223645-32|84-226516-16~91-223647-32|84-244189-16~91-236597-32|84-226480-16~91-226306-32|242-224785-16~91-223660-32|182-235016-16~91-223671-32|242-238621-16~91-228642-32|182-226262-16~91-223669-32|84-225008-16~91-223650-32|182-247102-16~91-244420-32|84-225025-16~91-223650-32|84-225026-16~91-223650-32|84-225027-16~91-223673-32|84-226514-16~91-223668-32|84-226635-16~91-223675-32 HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Cookie: ADRUM_BTa=R:33|g:ac8473e7-b8d7-4809-a794-ea397c94bf1a|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:33|i:206936; ISD_WCM_COOKIE=!z2MtF75BOF5POHjz2xKqB3cO2dndHgQVykyorhuyv5qA1LCZv2Mi0DRbOe2klDHf5sFdTWLaLFZ9cbQ=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: image/gif
content-length: 43
last-modified: Fri, 24 May 2013 20:08:06 GMT
etag: "519fc8a6-2b"
expires: Thu, 23 Mar 2023 14:10:42 GMT
cache-control: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
date: Fri, 24 Mar 2023 14:10:42 GMT
set-cookie: DCID=f6OZipTD1vxTTkSmYRwOUMeL8ZWX%2fJoqfklaTuWTVqI%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:42 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
static.wellsfargo.com/assets/js/wfui/ndep/css/nuance-c2c-button.css
23.36.79.27 200 OK 2.7 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/ndep/css/nuance-c2c-button.css
IP 23.36.79.27:0
ASN #20940 Akamai International B.V.
File type ASCII text, with CRLF line terminators
Hash 5257c2e188d24ddc00cc92573e5f2cfb
3526eb21d812e9ebfcb3514cc2ff9ad53abe442e
ae7a3a2c2db5a1dc74814e5001e439aeeae648e3b31cdb7474856dc52ea0b223
GET /assets/js/wfui/ndep/css/nuance-c2c-button.css HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Wed, 14 Jul 2021 10:08:23 GMT
Vary: Accept-Encoding
ETag: W/"60eeb797-2bb3"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 2671
Date: Fri, 24 Mar 2023 14:10:42 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=eM8EgW2T+CG%2fIwaf8rgcxQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/hp/utag.js
23.36.79.32 200 OK 55 kB URL HTTP/1.1 c1.wfinterface.com/tracking/hp/utag.js
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (14989)
Hash 325fd5c1e9f3b04b500aa0a5214d9219
8adc6878a065c03ca375c03e509b1124e2d737db
a55e9e2d4fd5dbf0eb3a9437ce9fc2bcdd94e12693be87fcc0546aff39c4be98
GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 13 Feb 2023 21:04:14 GMT
Vary: Accept-Encoding
ETag: W/"63eaa5ce-32385"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54869
Date: Fri, 24 Mar 2023 14:10:42 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=%2foy90cxyxYPOdyRoSLlaAQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/ndep/css/nuance-chat.css
23.36.79.27 200 OK 505 B URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/ndep/css/nuance-chat.css
IP 23.36.79.27:0
ASN #20940 Akamai International B.V.
File type ASCII text, with CRLF, LF line terminators
Hash e2966fedd68930d5281a2ed6ea61c0d3
1ede5572cf49f251c212abdbd6f2df4bb48de1fe
c2ef5abb39d304068b5476114ebc952a97c091ea59348c8ba3adeadc715976ad
GET /assets/js/wfui/ndep/css/nuance-chat.css HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 17 Nov 2020 14:00:34 GMT
Vary: Accept-Encoding
ETag: W/"5fb3d782-52b"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 505
Date: Fri, 24 Mar 2023 14:10:42 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=OyzzVhvT%2fhdYyELkkz6wlw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/cyber_1700x700.jpg
104.110.27.78 200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/cyber_1700x700.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash cadf7def5368f8ab7907884394fe8f97
3bb30552e9ea05489085603c20f8bf41c0dfc6b5
4d875bd85c1eec04e7ce696786fb41228cb81be3dcec951f8870b59662fc0ef5
GET /assets/images/contextual/responsive/hpprimary/cyber_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "633de465-15094"
last-modified: Thu, 06 Oct 2022 14:36:47 GMT
server: Akamai Image Manager
content-length: 21760
content-type: image/webp
cache-control: private, no-transform, max-age=1891079
expires: Sat, 15 Apr 2023 11:28:41 GMT
date: Fri, 24 Mar 2023 14:10:42 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
104.110.27.78 200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=1530603
expires: Tue, 11 Apr 2023 07:20:45 GMT
date: Fri, 24 Mar 2023 14:10:42 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_checking_64x64.png
104.110.27.78 200 OK 1.0 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_checking_64x64.png
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 687712193c942b67bb57377576a56d0f
86148c04aba6a18960ab985d7a90e11c17dc3b36
59bd7dd508d7560483b79bfd3db688a487c70620d5d8994d646695c837cbf6a7
GET /assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_checking_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c48-957"
last-modified: Mon, 13 Feb 2023 08:26:35 GMT
server: Akamai Image Manager
content-length: 1041
content-type: image/avif
cache-control: private, no-transform, max-age=1534784
expires: Tue, 11 Apr 2023 08:30:26 GMT
date: Fri, 24 Mar 2023 14:10:42 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
104.110.27.78 200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=1447616
expires: Mon, 10 Apr 2023 08:17:38 GMT
date: Fri, 24 Mar 2023 14:10:42 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
104.110.27.78 200 OK 2.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash bf02d082705f06162b2e73f68602e79e
219dbb45081fa5d8663bad2f96e9066e7f17aa6e
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-7b35"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 416
x-check-cacheable: YES
content-length: 2092
content-type: image/webp
cache-control: private, no-transform, max-age=1531189
expires: Tue, 11 Apr 2023 07:30:31 GMT
date: Fri, 24 Mar 2023 14:10:42 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-4-bg-gradient.png
104.110.27.78 200 OK 2.6 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-4-bg-gradient.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 1626a2f9535a10e8d076cab3de0df78f
4c2c4d82a3d4b49457a8a17a345c07c9617202fd
3fbf3b0d590832220370ac5dd608fa737315363f163967c6671d228bd3161084
GET /assets/images/homepage/position-4-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-ea13"
last-modified: Thu, 14 Jul 2022 02:02:46 GMT
server: Akamai Image Manager
x-serial: 1250
x-check-cacheable: YES
content-length: 2594
content-type: image/webp
cache-control: private, no-transform, max-age=1630345
expires: Wed, 12 Apr 2023 11:03:07 GMT
date: Fri, 24 Mar 2023 14:10:42 GMT
X-Firefox-Spdy: h2
static.wellsfargo.com/assets/js/wfui/ndep/js/nuan_websdk_bootstrap.js
23.36.79.27 200 OK 35 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/ndep/js/nuan_websdk_bootstrap.js
IP 23.36.79.27:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (306), with CRLF line terminators
Hash 6b6e25186e12dddab5cfc7e3eaf88138
b10a74c86e7fa78e2c8a7b3797bcfaf7ccc717e7
c626e63ae020f2dff5a3dd67681ef69d4fb334218d325321dabfa5e206586602
GET /assets/js/wfui/ndep/js/nuan_websdk_bootstrap.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 09 Nov 2022 04:37:55 GMT
Vary: Accept-Encoding
ETag: W/"636b2ea3-24709"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 35227
Date: Fri, 24 Mar 2023 14:10:42 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=eSTzenq7gaPiQhBpuaAqfQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
webpa-landing-dzenai.com/auth/login/static/js/general_alt.js?1js
144.126.226.199 200 OK 308 kB URL HTTP/1.1 webpa-landing-dzenai.com/auth/login/static/js/general_alt.js?1js
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65357)
Size 308 kB (308145 bytes)
Hash 09692edc541783c3d9e1fffdd645c70e
a0dc9751050cc567a7f7f7732116e16a1117989f
1fded794298268e8997cff93efa597bb60d71528d3e8ca4af840a7dd38a64e11
Analyzer Verdict Alert fortinet Phishing
GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Cookie: ADRUM_BTa=R:33|g:166a9b27-52cb-4018-9904-c7ed7e930332|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:33|i:206915|e:5; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: application/javascript; charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding
expires: Fri, 24 Mar 2023 14:10:42 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 24 Mar 2023 14:10:42 GMT
transfer-encoding: chunked
set-cookie: DCID=%2fNfOVx8lndoaHNJus4cBidkt+AB2KsckiCAAA3acbAoR1Pw0pvtGAqjaQBogden+; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:42 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8004
Expires: Fri, 24 Mar 2023 16:24:06 GMT
Date: Fri, 24 Mar 2023 14:10:42 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4aeb81c-baed-41b0-91c6-0a3439c6f3aa.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4aeb81c-baed-41b0-91c6-0a3439c6f3aa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6cdbc190c56cfc889845d881cf88fed4
106075aa275beeaa40d4fa0587c3cee93b763bcf
5959109c9d987617bdcbb6e1ca8553d970b365390140906d41ff9a84462f1b2b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4aeb81c-baed-41b0-91c6-0a3439c6f3aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4970
x-amzn-requestid: d55dee06-0562-4a17-8109-595ec62cc440
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CQPHzHu2IAMFgfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641cc564-2f3b14aa47db00ba68b963b8;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 21:32:20 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: Dzf09PcQ1jc16E3V0kY1OcG4BipVgcvIVi3jtrv2rkllCed-6QnxFg==
via: 1.1 ec27e2bbc77d9805bead471453d2094c.cloudfront.net (CloudFront), 1.1 d16c3f15bd14953a9d4109eaaa991de2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 22:15:05 GMT
etag: "106075aa275beeaa40d4fa0587c3cee93b763bcf"
content-type: image/jpeg
age: 57337
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6bf7d96-8563-4612-89c2-6d00db18f9f6.jpeg
34.120.237.76 200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6bf7d96-8563-4612-89c2-6d00db18f9f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d733019c5326d4617096c74ae22fdffd
72bc0b2a19ca257ac974460f81af47fcfa2fee24
6746fcedbf4aad5c94582162e343d160fdc7d127bae807d1a97a9d7a231c9a70
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6bf7d96-8563-4612-89c2-6d00db18f9f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6721
x-amzn-requestid: bf32e1c8-cac1-4f04-abe6-fba2e9e824f3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CK89vHbyoAMFc7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641aa857-5d84ed861375c4ba04a2ae30;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 07:03:51 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 60VbucTVJnuo0rLzrTvbdbQOIMQmhDMQT8st-Y49_plnM_akqw_V4w==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 04:01:18 GMT
age: 36564
etag: "72bc0b2a19ca257ac974460f81af47fcfa2fee24"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd11f3110-26b3-4e61-a4be-71f97e3d6614.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd11f3110-26b3-4e61-a4be-71f97e3d6614.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 04db6085e8ec938c1385fb33b32ae036
0f173b8971723ec380a9610b3dda8f64890f6f37
873d5942c34057339f7a9c53a9d4cdc3a0b82f01223f851898da0ebbe0a628bc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd11f3110-26b3-4e61-a4be-71f97e3d6614.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7482
x-amzn-requestid: 843e4bba-1550-44c4-be10-dd333148f83d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CQPHxFuuIAMFvmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641cc564-03f5d2675850409e70748490;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 21:32:20 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: i3f56KYdhzWqiBtE9-vSMBC17mWa0qZfxQb3AmHcNvApYKse8O3DdQ==
via: 1.1 46673955829b59a6da0ab071e0b7fbea.cloudfront.net (CloudFront), 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 21:56:06 GMT
age: 58476
etag: "0f173b8971723ec380a9610b3dda8f64890f6f37"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76 200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: vOBDFA2LzOIp_0dMXApotrithfiToWtpM2xMRyx1pWAE86olKT6EpQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 02:36:43 GMT
age: 41639
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff06722a0-5f82-452b-ac9a-80d0ca71d101.png
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff06722a0-5f82-452b-ac9a-80d0ca71d101.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c37bd8ec8ce9f45025fa76a31f60c68e
61ebc4cf54dd3ea145304f75ff199c4e0252906e
2c15447add79e494ffa5002cd0037ad8ffb154074fced77f2169a44c0340c75f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff06722a0-5f82-452b-ac9a-80d0ca71d101.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7600
x-amzn-requestid: ed7adb8b-5aa9-45b8-bc46-bdb716b95c4e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CQP4OHu8IAMFY6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641cc69a-46199f6b296939d662f19933;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 21:37:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: LP06Tcwj6aCuEqQXcE7oWBFpo88Ewh3PPSnFfwjecq7ejw9Mtfij8w==
via: 1.1 0a166b53605851fe961f5a2952e5a748.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 21:46:58 GMT
etag: "61ebc4cf54dd3ea145304f75ff199c4e0252906e"
content-type: image/jpeg
age: 59024
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
static.wellsfargo.com/assets/js/wfui/ndep/js/nuan-c2c.js
23.36.79.27 200 OK 5.6 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/ndep/js/nuan-c2c.js
IP 23.36.79.27:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (928), with CRLF line terminators
Hash 00e6f77045d9c92840a490cfcdc9ff6a
22f273b66fe0c5d43cf747fb9868b0904d5ee4b8
4d144f941f05ff42f2a818328b7524c6d3f2b6efc1fe93a09794af14ad262f6c
GET /assets/js/wfui/ndep/js/nuan-c2c.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 16 Mar 2022 05:41:26 GMT
Vary: Accept-Encoding
ETag: W/"62317886-590b"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 5649
Date: Fri, 24 Mar 2023 14:10:42 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Me8Ake7yGGBDxovBcEzKnQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
webpa-landing-dzenai.com/J4o5pxGr/zXO/Ft-/IxG4kKKO0h/pYm5fDVXaV/GiAcSikD/IRg/KCDJKMzw
144.126.226.199 201 Created 18 B URL HTTP/1.1 webpa-landing-dzenai.com/J4o5pxGr/zXO/Ft-/IxG4kKKO0h/pYm5fDVXaV/GiAcSikD/IRg/KCDJKMzw
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
fortinet Phishing
POST /J4o5pxGr/zXO/Ft-/IxG4kKKO0h/pYm5fDVXaV/GiAcSikD/IRg/KCDJKMzw HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2263
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:1$_ss:1$_st:1679668853298$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
content-length: 18
date: Fri, 24 Mar 2023 14:10:43 GMT
content-type: application/json
strict-transport-security: max-age=31536000 ; includeSubDomains
set-cookie: DCID=5c7NSZvN9whJjjnwd27pog%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=5c7NSZvN9whJjjnwd27pog%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=AFAEB5346D519B3E2627ACF6D355C1D4~-1~YAAQn0ISAmd74w2HAQAAdRv1Ewl9Bf0rBTeqoqBeXFAf7LSxQPwUVYfpgr3gM0xDShaibxB1AD1sB9/+/5UA446Eyi73kl7OAsAGc/t3sf+/r6Y/i2qGdtOIr6W8hdDskhCaMxUktx0jTB5dudL382tUH6WnoGEwj2P22w0nm2q9fA/DSc+wh0a++Xf30Dwm9g/8bpIIXO1MO99IK/QEQ/trqgdLyCiF51BTGtrrThJtouOxefthKc7Taaivhv1i0R+au8DHJJeHRkLY+CoBKZq+f7hQm3SjqTFngDDB4oCrJ3SRzOy7R7Cj0a08XNsJlR/0IrT46yFtRw3aTuNniZzMu8yiecfeXLFCQFlvcjlDQs/c0sQ0TjjPQDzGEL9rPA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 23 Mar 2024 14:10:43 GMT; Max-Age=31536000; Secure
bm_sz=CADF5A46F77BC74D21B042C06B6D6C8A~YAAQn0ISAmh74w2HAQAAdRv1ExNGXn+cmtwPd0NYmFVW5eh5xT4r0LGEHzp3hQv+zBmonM4QfsXryQ/XESXE2vVKAVCC9toWg6Kxmbgl95Qq6Ga5Qxd8qBGpuJ2T23Zwc7IVIbp9YGJaGi+oHFTKl+Sq0IACW4/FN4AEXhXlNt2D52/NLjXNxZt34ep11hDSSYr+J3traQpaKlnBTbMnZXBEJHH+DUkPcXYStJ/Z/QjwjIQomtrZNN2P8Tu+q5j78YA5s6t2/aJYk+LycW/s03S3oljrvBZ09NOBWkQiX8hg0bX/6a71~3553588~4339000; Domain=.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 18:10:43 GMT; Max-Age=14400
access-control-allow-origin: *
connection: close
webpa-landing-dzenai.com/auth/login/static/js/general_alt.js?async&seed=AABL6xOHAQAAmd_6XcWJQK4zZ0jAGB2XP9CvWEzWbPM_8G6rXio9AsrR8QzB&X-G2Q3kxs3--z=q
144.126.226.199 200 OK 149 kB URL HTTP/1.1 webpa-landing-dzenai.com/auth/login/static/js/general_alt.js?async&seed=AABL6xOHAQAAmd_6XcWJQK4zZ0jAGB2XP9CvWEzWbPM_8G6rXio9AsrR8QzB&X-G2Q3kxs3--z=q
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65536), with no line terminators
Size 149 kB (149084 bytes)
Hash 46500534b74a455430d3bd97588bedd1
13a0f6541568d633e730fc7ebc20a731333ace89
9417e664b75d2cc433e295f470ee72d5349b9ab26ffa9bf2faae925a0bb7fe78
GET /auth/login/static/js/general_alt.js?async&seed=AABL6xOHAQAAmd_6XcWJQK4zZ0jAGB2XP9CvWEzWbPM_8G6rXio9AsrR8QzB&X-G2Q3kxs3--z=q HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Cookie: ADRUM_BTa=R:33|g:166a9b27-52cb-4018-9904-c7ed7e930332|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:33|i:206915|e:5; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: application/javascript; charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding
expires: Fri, 24 Mar 2023 14:10:43 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 24 Mar 2023 14:10:43 GMT
content-length: 149084
set-cookie: WesdAksn=AxwY9ROHAQAA9mRXz88JhQyd_dzfY-2d453h26f3bc-AEx0GGOPM1LYMeaI0AZB-4secuDv8wH8AAEB3AAAAAA|1|0|614f866be601d16c1cffa986ffb0d8fd6b30a8b9; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=0NA9U+BW4JjOfS8Y2vB6J6dLnzWzRe7sfa%2f2zMsmmX37RMMMUb02wxPHX3P1tbbN; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:42 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
www17.wellsfargomedia.com/assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-platinum_79x49.png
104.110.27.78 200 OK 1.4 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-platinum_79x49.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 0880265bd118920fd1ca18eabb29c528
49602ee1485b1f4055635d42c568546e13aa8c90
37dd0a3404af3c62777281c147d144378dd6809620e531e58a17423abc057c38
GET /assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-platinum_79x49.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6335f9d5-1a8f"
last-modified: Mon, 03 Oct 2022 02:02:07 GMT
server: Akamai Image Manager
x-serial: 1888
x-check-cacheable: YES
content-length: 1436
content-type: image/webp
cache-control: private, no-transform, max-age=1300523
expires: Sat, 08 Apr 2023 15:26:06 GMT
date: Fri, 24 Mar 2023 14:10:43 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-elite_79x49.png
104.110.27.78 200 OK 1.4 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-elite_79x49.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash cc3d77556283919af04e0641e3e37250
1e96a649e7cb434597082cc204b050127e36e8f8
21c8d2fc781f13fb45ae4208b353c983d49d41c3505e94e29b5c1d5c31e19c68
GET /assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-elite_79x49.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6335f9d8-1bfd"
last-modified: Sun, 18 Dec 2022 17:40:21 GMT
server: Akamai Image Manager
x-serial: 1005
x-check-cacheable: YES
content-length: 1350
content-type: image/webp
cache-control: private, no-transform, max-age=1279950
expires: Sat, 08 Apr 2023 09:43:13 GMT
date: Fri, 24 Mar 2023 14:10:43 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn-marketing-belt-cash-hand_64x64.png
104.110.27.78 200 OK 2.5 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn-marketing-belt-cash-hand_64x64.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 01695377e69f7063e1550746495c81f5
609ec8ee8dd28f128f0477b6147817750c9b341e
5c9d48467771247548445209a10047ced732d2da276c072f4c6c5a483405c944
GET /assets/images/rwd/icons/marketing_belt_icons/icn-marketing-belt-cash-hand_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61c275a2-103b"
last-modified: Thu, 14 Jul 2022 02:03:01 GMT
server: Akamai Image Manager
content-length: 2520
content-type: image/webp
cache-control: private, no-transform, max-age=1684811
expires: Thu, 13 Apr 2023 02:10:54 GMT
date: Fri, 24 Mar 2023 14:10:43 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marekting_belt_credit_card_64x64.png
104.110.27.78 200 OK 1.2 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marekting_belt_credit_card_64x64.png
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash ec1901a970b1a0bf53f4361e73192bc4
9d33d520684c05c664704817b742627079407596
218645e7ef67b0cfa48151695051ac42fec1edfd3493aa91ba477cb2d09ef691
GET /assets/images/rwd/icons/marketing_belt_icons/icn_marekting_belt_credit_card_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c48-9d0"
last-modified: Tue, 14 Feb 2023 16:34:52 GMT
server: Akamai Image Manager
x-serial: 1366
x-check-cacheable: YES
content-length: 1180
content-type: image/avif
cache-control: private, no-transform, max-age=1620295
expires: Wed, 12 Apr 2023 08:15:38 GMT
date: Fri, 24 Mar 2023 14:10:43 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_touchless_64x64.png
104.110.27.78 200 OK 1.9 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_touchless_64x64.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2fd7f8c24576c73072097bf2e6259185
0fbda4c7e3b800aec15fea0539ad703ae61d6046
144529be2df1a6a4bbcbd82b300cd99b256fea8a768d3488f8080f4c0a908260
GET /assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_touchless_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61c275a2-bde"
last-modified: Thu, 14 Jul 2022 02:03:01 GMT
server: Akamai Image Manager
content-length: 1930
content-type: image/webp
cache-control: private, no-transform, max-age=1249823
expires: Sat, 08 Apr 2023 01:21:06 GMT
date: Fri, 24 Mar 2023 14:10:43 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/matchmaker_woman_1600x700.jpg
104.110.27.78 200 OK 35 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/matchmaker_woman_1600x700.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 539b8a50b31186a56fc5f1ab1297ea78
575c94d22bac962bf0417f00c9539f28ad6296f0
bdb5cb84e084b4f210b9d4d961ed3c47d650e48d5010d6eeeba0a06338ca5988
GET /assets/images/contextual/responsive/lpromo/matchmaker_woman_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61c4837f-1857e"
last-modified: Thu, 14 Jul 2022 02:03:06 GMT
server: Akamai Image Manager
x-serial: 322
x-check-cacheable: YES
content-length: 34606
content-type: image/webp
cache-control: private, no-transform, max-age=1620330
expires: Wed, 12 Apr 2023 08:16:13 GMT
date: Fri, 24 Mar 2023 14:10:43 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Navtive_App_Phone_Personal.png
104.110.27.78 200 OK 9.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Navtive_App_Phone_Personal.png
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 410e804d3d953d170d9becc3937c87bd
6ecdc6f3be242d26d1d8994f5897178606b42e51
19dc1d60456ad2d1ea9bac9a8133b71796d0eb8e233b4ac97231f89e924a7c97
GET /assets/images/rwd/Navtive_App_Phone_Personal.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6350580b-41c5b"
last-modified: Sun, 12 Mar 2023 16:31:14 GMT
server: Akamai Image Manager
x-serial: 1234
x-check-cacheable: YES
content-length: 9310
content-type: image/avif
cache-control: private, no-transform, max-age=1563634
expires: Tue, 11 Apr 2023 16:31:17 GMT
date: Fri, 24 Mar 2023 14:10:43 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/food_truck_card_insert_616x353.jpg
104.110.27.78 200 OK 26 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/food_truck_card_insert_616x353.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e004488f9fb67721f39390f524ad5c78
24a7cf417462d429cc72dc5ea55873c4cdeef796
1b422aeb872e1f5c9a0c4ea9db41f1022d6c38a83d7e5e806d1ca6741ab3be6a
GET /assets/images/rwd/photography/616x353/food_truck_card_insert_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "62a189a9-b2b6"
last-modified: Thu, 14 Jul 2022 02:02:38 GMT
server: Akamai Image Manager
content-length: 25792
content-type: image/webp
cache-control: private, no-transform, max-age=1581933
expires: Tue, 11 Apr 2023 21:36:16 GMT
date: Fri, 24 Mar 2023 14:10:43 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/woman_kitchen_tablet_616x353.jpg
104.110.27.78 200 OK 26 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/woman_kitchen_tablet_616x353.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ce943ec0868d0b5769548025730ebb06
31d26f01d9a1e62d683b1165bec3d6e5b5310093
be1ec3a15be24dbd2904218e9def59d04b54bdca02738ee718a55823572f179a
GET /assets/images/rwd/photography/616x353/woman_kitchen_tablet_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "62a189a8-c00f"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 25762
content-type: image/webp
cache-control: private, no-transform, max-age=1620344
expires: Wed, 12 Apr 2023 08:16:27 GMT
date: Fri, 24 Mar 2023 14:10:43 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_tablet_flower_shop_616x353.jpg
104.110.27.78 200 OK 33 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_tablet_flower_shop_616x353.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 65a51929096fa18d4bb06f2a29891a75
d34df0eb676d584af89dfc2b6e022b4910b90cc0
d67a289220cf94e6d81eefe14a1a911aeeff5010229d78c409fe55761f2d8108
GET /assets/images/rwd/photography/616x353/man_tablet_flower_shop_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "62a189aa-d24b"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 33186
content-type: image/webp
cache-control: private, no-transform, max-age=1552958
expires: Tue, 11 Apr 2023 13:33:21 GMT
date: Fri, 24 Mar 2023 14:10:43 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/2_woman_cafe_folder_616x353.jpg
104.110.27.78 200 OK 55 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/2_woman_cafe_folder_616x353.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a974c3d7e7eec33c0b3a6a51bc5dda5b
e3c5e2e739d51f334183573016c9e00de421bed5
ca43102cb524defb85fcf58b1236f271a8c02303e3e4e1df6351273867576cce
GET /assets/images/rwd/photography/616x353/2_woman_cafe_folder_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "62a189aa-11d15"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 54586
content-type: image/webp
cache-control: private, no-transform, max-age=1604959
expires: Wed, 12 Apr 2023 04:00:02 GMT
date: Fri, 24 Mar 2023 14:10:43 GMT
X-Firefox-Spdy: h2
c1.wfinterface.com/tracking/gb/detector-dom.min.js
23.36.79.32 200 OK 132 kB URL HTTP/1.1 c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65434)
Size 132 kB (131829 bytes)
Hash 73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Fri, 24 Mar 2023 14:10:43 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=GlUF7VAEnx2zn3WZ3tap5Q%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_computer_paper_shop_616x353.jpg
104.110.27.78 200 OK 33 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_computer_paper_shop_616x353.jpg
IP 104.110.27.78:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash 816d65c2758ff533fa6e21801daeb1e6
08e4d8044b39ddbef43651cb29b371c450e651c1
72137441f0a479553ec1c095ac9f20ae25a6a1a631f910415ea2e18eb367f2bd
GET /assets/images/rwd/photography/616x353/man_computer_paper_shop_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "62a189aa-a3e7"
last-modified: Thu, 14 Jul 2022 02:02:38 GMT
server: Akamai Image Manager
x-serial: 510
x-check-cacheable: YES
content-length: 32871
content-type: image/jpeg
cache-control: private, no-transform, max-age=1291611
expires: Sat, 08 Apr 2023 12:57:34 GMT
date: Fri, 24 Mar 2023 14:10:43 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_woman_shoes_616x353.jpg
104.110.27.78 200 OK 25 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_woman_shoes_616x353.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 11d5c849b66051138628a9cbe63132fd
7b30e03cf2ba108867c248ecdc8207bd6a4bb80c
ba5375591bbba655a050fea8fb3c9dfa7561d09a102c7b4a987999cc7b4ddb0d
GET /assets/images/rwd/photography/616x353/man_woman_shoes_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "62a189a9-d12c"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 25094
content-type: image/webp
cache-control: private, no-transform, max-age=1535035
expires: Tue, 11 Apr 2023 08:34:38 GMT
date: Fri, 24 Mar 2023 14:10:43 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/woman_computer_writing_mugs_616x353.jpg
104.110.27.78 200 OK 34 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/woman_computer_writing_mugs_616x353.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 58ede609c8abd3ba38aa9d0e8de3298e
b2236e0ac30a78ef74c1db03a331f2cdc78dbf34
8e7880330ef42f2dd950fea1001a6124574a5a03afc384b88a2b744b9875fbb5
GET /assets/images/rwd/photography/616x353/woman_computer_writing_mugs_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "62a189a8-e4dd"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 33632
content-type: image/webp
cache-control: private, no-transform, max-age=1523276
expires: Tue, 11 Apr 2023 05:18:39 GMT
date: Fri, 24 Mar 2023 14:10:43 GMT
X-Firefox-Spdy: h2
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
23.36.79.27 200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP 23.36.79.27:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Fri, 24 Mar 2023 14:10:43 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=JA2flYDuanTakrKimTLiew%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
23.36.79.32 200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 24 Mar 2023 14:10:43 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=jap8xtMEWks0wiEOC4Jrzg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
webpa-landing-dzenai.com/J4o5pxGr/zXO/Ft-/IxG4kKKO0h/pYm5fDVXaV/GiAcSikD/IRg/KCDJKMzw
144.126.226.199 201 Created 18 B URL HTTP/1.1 webpa-landing-dzenai.com/J4o5pxGr/zXO/Ft-/IxG4kKKO0h/pYm5fDVXaV/GiAcSikD/IRg/KCDJKMzw
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
fortinet Phishing
POST /J4o5pxGr/zXO/Ft-/IxG4kKKO0h/pYm5fDVXaV/GiAcSikD/IRg/KCDJKMzw HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2425
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:1$_ss:1$_st:1679668853298$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
content-length: 18
date: Fri, 24 Mar 2023 14:10:43 GMT
content-type: application/json
strict-transport-security: max-age=31536000 ; includeSubDomains
set-cookie: DCID=HrHXJJshx6l0hwvXYingVA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=HrHXJJshx6l0hwvXYingVA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=8608AD91C4F34ABF7B012D13966899D4~-1~YAAQn0ISApR74w2HAQAAMx71Ewlmkq+HExTn+MbS8lUmxV+61UPhChTef43ZO5SEpUjPNr4+K620VCUrgQFZQy03N2phC9toFk5PiwST3AX7JigyZgS3er2I7fjupSGWRHg1YvN5k5kXkprhYa0dLCvSoQqo0NoWoxSTaTVXRq+HHE3A92jCW0/jeSfGV6L7C3vkT2pkl3MqtMqG8RL/b1tCTDjnawfh2qvH7b67+N1rGGbJpL3loWxR32GvETBUTI13Ca1IUNTM5SAPmAvtBMggs9KMIiCDQflKEZ5swPFrHUmpwyaF3Er725TNdqq5cVVVt9NGpHSz0LWIIwvr/uCjgmKNXqoNjbUUpYMyGcgZ3Ozm3vS5v6EzjobCeKVsag==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 23 Mar 2024 14:10:43 GMT; Max-Age=31536000; Secure
bm_sz=B8BFA09BBAAD477C16B6CBF5BD780389~YAAQn0ISApV74w2HAQAAMx71ExPdeK4WgUZkSurLMq1ybGHx5jhaiOdzioXGeofS3i8rgZVyYZNL6tN1WqQluDkO7Ymca2w+/8JtT9NESzDSGSnPI2C/pYq7gdOw5AXvZcGhnlqsQnbYWE2Z0+SxepUIWC2yCsncBZvzuUpZEO3KAdx5sfIK6ysQAi1xQLpuDV4eyrOjOj5ReO+UFjFJS9MMrxEcyHf+BQU4p0yHnESMGeMH0Im1evsxduLnAlhOOtaq7br1f3y0gTl0wn1LdwUQa8A4ZrGU5kRr/bC8gAD5BexgQHYF~3553588~4339000; Domain=.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 18:10:43 GMT; Max-Age=14400
access-control-allow-origin: *
connection: close
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 1eafb93b43a0c15aa0a5ec304be9a85c
be7e23035630e505954b9a0b907aa0628afc180c
37ccfa43119516e76649a5d67257337ca71aeab9b854fd4fce13e271ae3ac1d8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1840
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 14:10:43 GMT
Last-Modified: Fri, 24 Mar 2023 13:40:03 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 471
c1.wfinterface.com/tracking/ytc/ytc.js
23.36.79.32 200 OK 5.6 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ytc/ytc.js
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (15032)
Hash c48fe5e804797f0f227c7b840d74a48c
af0ab8fe13f1dc1de7363cfbfc14eacf766a13c2
1a2fbaccd0201b433a5fe36253718facae1b50d23d6af5884279f563a7494c2f
GET /tracking/ytc/ytc.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 15 Jul 2021 21:00:28 GMT
Vary: Accept-Encoding
ETag: W/"60f0a1ec-3ad3"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 5614
Date: Fri, 24 Mar 2023 14:10:43 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=aJYjYKvrYD9S0rEXdGTp8Q%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679667054342
54.228.21.106 200 OK 321 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679667054342
IP 54.228.21.106:0
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash 88f6feb84bd8cec95a0c3d228ac67440
2e1b5b5f1993bb17c2684d4273bee0d70d4c81e6
a9b40d247917bf34fdd53d65db90f3dc9156a3f89ae4a67123198869382ed87d
GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679667054342 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://webpa-landing-dzenai.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v046-0d62fe975.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=16859792583809617570030956444548351160; Max-Age=15552000; Expires=Wed, 20 Sep 2023 14:10:44 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: tO9RwH4NTf4=
Content-Length: 321
Connection: keep-alive
webpa-landing-dzenai.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
144.126.226.199 200 OK 175 B URL HTTP/1.1 webpa-landing-dzenai.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with no line terminators
Hash 2cad3764e593803d1d8833a625e4f694
28f37d33793b99dd58f72a4d859e737b73fa94ef
0215b2e3a5b759121bad2e65d1454f7e6c690669ca5ee9379926e284b7680738
Analyzer Verdict Alert fortinet Phishing
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Content-Type: multipart/form-data; boundary=---------------------------164002011640834115481132068110
Origin: https://webpa-landing-dzenai.com
Content-Length: 171
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:1$_ss:1$_st:1679668853298$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: application/json
content-length: 175
access-control-allow-origin: *
vary: Origin
x-envoy-decorator-operation: ingress DeviceCategoryPost4
date: Fri, 24 Mar 2023 14:10:44 GMT
set-cookie: DCID=dN1UbW13hRqN2TaY9VtpxcLvr+fRARvTnLcdzqp2SUY%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
_abck=0302E9BA5F18FA1CDE9533EC888964D1~-1~YAAQn0ISAp574w2HAQAACR/1Ewk2Q8XATaQ4L6NgcxXVmuxdB5T2xT6Mg/9dfoNGOrYWr4+efn+Wsu29kf2fkOLjmQDPKlP6giXHtqHT8bukfZE/clL1RS3m/OGScvAPXNZCjPtCO4mapnvbzzjiBSoLjPhAxh/o8es1IDxGWQBgaEXl7ApDcWHVizuTo4hUqGEBH8I63P/jQpJetDc9vAfNJ2NhUfVucRqVb3C6PtW0xg2OX2gDryVdwEOA5Q5cEFbT9LXJs8nMbJgU5OM0lc8rUtHaXQTREq4R0A1FA9gTnoo+80g0mxSuin1STO6nd1fVCZv/B9zG1ziexu613wXpUA0oVkiSOG2bvlcBFQwDnAmOtXHZeAejHOFRRhmluw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 23 Mar 2024 14:10:44 GMT; Max-Age=31536000; Secure
bm_sz=F3AC864B22B683BD97A5E7544A720D9C~YAAQn0ISAp974w2HAQAACR/1ExOrcfXhG2gLKCJkQU/xUO7SGDXStFqBfuZmUrXdNt2kDNume79/IXYV7l+YYukKzXrP3Im1eRaeXl9E/koLZRrls7ZQ3fUfmEm9EHRsuBfdcDC8RTVS+0S7jjVlDVUKtwr+ASFWVAu3CSBggeAZ4Vk1Uc7p6jEbSkmo33kUz2FpJYezVkJsV2/OMdZ6Dpku5/YQNzYEUQA/aeWQNYkT7hh0Jg8RvyymulVRhAj2Udb7+IwI5HeTysp8RcQkTTz6/BYsna862SS1ppRpfjKITTwRYf8D~3553588~4339000; Domain=.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 18:10:43 GMT; Max-Age=14399
strict-transport-security: max-age=31536000 ; includeSubDomains
connection: close
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 8ed3047ee91d173a374a1a85ae52a7a8
4b6029b31d616b6ce4510bbebfa3d19727830cb4
97397600ff0e83eabe0185e5d326aa997f8cec6ea2ae7d0af7d08015b11a6c4e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 14:10:44 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 23 Mar 2023 08:38:01 GMT
Expires: Thu, 30 Mar 2023 08:38:00 GMT
Etag: "4b6029b31d616b6ce4510bbebfa3d19727830cb4"
Cache-Control: max-age=497835,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7acf7fd069f70b41-OSL
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=16868145080992557580027289125498535595&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202303240710411293110133%011&ts=1679667054771
54.228.21.106 200 OK 321 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=16868145080992557580027289125498535595&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202303240710411293110133%011&ts=1679667054771
IP 54.228.21.106:0
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash dc0331435078f38a98d0a462ebabe1ef
3ccdfba2885100d1c238dd1ea00ef2d2eb74c2c3
0ae6963862146054c6dc6c49b21bbd4e6490db26562faf7f09d77858a0b2cde4
GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=16868145080992557580027289125498535595&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202303240710411293110133%011&ts=1679667054771 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://webpa-landing-dzenai.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-0ec49e33e.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=18806877196746921132382558558783785504; Max-Age=15552000; Expires=Wed, 20 Sep 2023 14:10:44 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: jKvPt3PASxU=
Content-Length: 321
Connection: keep-alive
s.yimg.com/wi/config/10028472.json
87.248.119.251 200 OK 2 B URL HTTP/2 s.yimg.com/wi/config/10028472.json
IP 87.248.119.251:0
ASN #203220 Yahoo! UK Services Limited
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /wi/config/10028472.json HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: WXQ86C6671N8WJXB
x-amz-id-2: hj+OCnTVd3CkPr0g6XFpGfyQuTXgy//T9hFXzO0RZ/1j4g2Mstox0DV265qsO5FrdwRySdHKPXZkoxOfNqcVgw==
content-type: application/json
date: Fri, 24 Mar 2023 14:09:42 GMT
server: ATS
referrer-policy: no-referrer-when-downgrade
cache-control: public,max-age=3600
content-length: 2
age: 62
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash a104e717e17997522c4c02fdf750623c
bf0b2999fad7765f66ae5eada1e72820b76720e7
c87f5759ec8c77e14489d46b1d4244548646db54e10823528c40353daafb66b9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5884
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 14:10:44 GMT
Etag: "641c928e-1d7"
Last-Modified: Fri, 24 Mar 2023 12:32:40 GMT
Server: ECAcc (amb/6B0A)
X-Cache: HIT
Content-Length: 471
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
23.36.79.27 200 OK 16 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP 23.36.79.27:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (599)
Hash 18a9dcc7cee831010cf1647c8e39088a
731f39c30835414c6e165dd4687bf4071fe0eb10
1dc439a17ef08f995584c4869ccc397120b2502b57ba40240887df28e347be9b
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Fri, 24 Mar 2023 14:10:44 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=0l5PzpRnGn2l1KaJcXuCSw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1679667054348
54.171.39.218 200 OK 317 B URL HTTP/1.1 wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1679667054348
IP 54.171.39.218:0
File type JSON data\012- , ASCII text, with very long lines (587), with no line terminators
Hash 3c35aa8c861f436913e420c7d49394c0
dc9d5bf478423417db77450912cdc15cd59d50e7
5d87c7640a178e21c10408191bdb6293e540845ae2f198269bbef1794f726604
POST /event?d_dil_ver=9.5&_ts=1679667054348 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 418
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://webpa-landing-dzenai.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v046-0d7e6a16f.edge-irl1.demdex.com 4 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=16859792583809617570030956444548351160; Max-Age=15552000; Expires=Wed, 20 Sep 2023 14:10:44 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: TX4zfta8SCY=
Content-Length: 317
Connection: keep-alive
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
23.36.79.32 200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 24 Mar 2023 14:10:44 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=6J4Nmj0KC%2faICSfB6CwR2Q%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
23.36.79.32 200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 24 Mar 2023 14:10:44 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=8sCp3PmV9loabOnrW7vMmg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
23.36.79.32 200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 24 Mar 2023 14:10:44 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=fqc1mnJi+z1A2z5W%2fYEbMQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054850&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
144.126.226.199 200 OK 43 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054850&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
GET /assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054850&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: image/gif
content-length: 43
last-modified: Fri, 24 May 2013 20:08:06 GMT
etag: "519fc8a6-2b"
expires: Thu, 23 Mar 2023 14:10:44 GMT
cache-control: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
date: Fri, 24 Mar 2023 14:10:44 GMT
set-cookie: DCID=TwyZR5GP52%2fjMgBOIGqp6yewsD%2fAHByDUJ05LnQS3QbNbVYvx4d3Ku0J%2fFNcPUaJ; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054879&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226480-16%7Etcm%3A91-226306-32
144.126.226.199 200 OK 43 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054879&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226480-16%7Etcm%3A91-226306-32
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
GET /assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054879&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226480-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: image/gif
content-length: 43
last-modified: Fri, 24 May 2013 20:08:06 GMT
etag: "519fc8a6-2b"
expires: Thu, 23 Mar 2023 14:10:44 GMT
cache-control: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
date: Fri, 24 Mar 2023 14:10:44 GMT
set-cookie: DCID=5JyowbJb+FD5MOxA4EfrjnpnDxr9rqe+cZ%2fuWYVETlurp5iuiFXOpe3eQCpknwYo; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054891&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-226451%7Etcm%3A84-1029-2
144.126.226.199 200 OK 43 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054891&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-226451%7Etcm%3A84-1029-2
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
GET /assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054891&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-226451%7Etcm%3A84-1029-2 HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: image/gif
content-length: 43
last-modified: Fri, 24 May 2013 20:08:06 GMT
etag: "519fc8a6-2b"
expires: Thu, 23 Mar 2023 14:10:44 GMT
cache-control: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
date: Fri, 24 Mar 2023 14:10:44 GMT
set-cookie: DCID=aQrCmT%2fdHM6YjdcqgwU8pxz7lkNscpieVUjJGWuVvNZvRUbPJHlHH2nyvrIC6ep+; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054898&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-254032-16%7Etcm%3A91-223657-32
144.126.226.199 200 OK 43 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054898&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-254032-16%7Etcm%3A91-223657-32
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
GET /assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054898&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-254032-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: image/gif
content-length: 43
last-modified: Fri, 24 May 2013 20:08:06 GMT
etag: "519fc8a6-2b"
expires: Thu, 23 Mar 2023 14:10:44 GMT
cache-control: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
date: Fri, 24 Mar 2023 14:10:44 GMT
set-cookie: DCID=A3hm47GcWdBrnQLV2uBs0W3kVOZBwlTn1XCJD385zmxf35FRXBx3S76D0yNqIC6R; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
tag-wellsfargo.nod-glb.nuance.com/tagserver/nuanceChat.html?UUID=WF_10006005
8.39.193.5 200 OK 266 B URL HTTP/1.1 tag-wellsfargo.nod-glb.nuance.com/tagserver/nuanceChat.html?UUID=WF_10006005
IP 8.39.193.5:0
ASN #54396 NUANCE-MOBILITY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a671bc4e541aadc71fd7812d93af15e7
3b8c76ac113e54f3d413e09807f3661c72d0f6b5
ef16255038c7c5847295c3c434243418d898b7b40a9095aeeb65e3ddb7579383
GET /tagserver/nuanceChat.html?UUID=WF_10006005 HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=3600
P3P: policyref="http://tag-wellsfargo.nod-glb.nuance.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND
ETag: "+6ZNxP/6RTk"
Last-Modified: Wed, 18 Jan 2023 03:46:28 GMT
Accept-Ranges: bytes
Content-Type: text/html; charset=utf-8
Content-Length: 266
Date: Fri, 24 Mar 2023 14:10:44 GMT
webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054874&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-226516-16%7Etcm%3A91-223647-32
144.126.226.199 200 OK 43 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054874&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-226516-16%7Etcm%3A91-223647-32
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
GET /assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054874&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-226516-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: image/gif
content-length: 43
last-modified: Fri, 24 May 2013 20:08:06 GMT
etag: "519fc8a6-2b"
expires: Thu, 23 Mar 2023 14:10:44 GMT
cache-control: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
date: Fri, 24 Mar 2023 14:10:44 GMT
set-cookie: DCID=SP8e1RawBf23XFcpAd5Pt3C1TLP76kBEIk9G7r46m2g%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash a6f4a8545a2286a0405774cbe76342e3
14afd7471fca5aed8e32bbbc0feafcbc124c40b2
bcce318ff04cc28152955cc025bc62c0e430534c5cb0f48066558d76508ef044
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 61
Cache-Control: max-age=90940
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 14:10:44 GMT
Etag: "641c6f63-1d7"
Expires: Sat, 25 Mar 2023 15:26:24 GMT
Last-Modified: Thu, 23 Mar 2023 15:25:23 GMT
Server: ECAcc (ska/F757)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash a6f4a8545a2286a0405774cbe76342e3
14afd7471fca5aed8e32bbbc0feafcbc124c40b2
bcce318ff04cc28152955cc025bc62c0e430534c5cb0f48066558d76508ef044
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5520
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 14:10:44 GMT
Last-Modified: Fri, 24 Mar 2023 12:38:44 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
webpa-landing-dzenai.com/as/target/offers/dispositions
144.126.226.199 200 OK 987 B URL HTTP/1.1 webpa-landing-dzenai.com/as/target/offers/dispositions
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (2466), with no line terminators
Hash e30ee4fbb0160f50df691509322aa3bd
1ae2c5b0387e4f3ebdd9de775e25c4cd2ab78b36
d2ee38bf4b2ceb22d4abd8b462406092855d259a4911d9c7dae2684a65afb38d
Analyzer Verdict Alert fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Content-Type: application/json
Origin: https://webpa-landing-dzenai.com
Content-Length: 273
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: application/json;charset=UTF-8
pragma: no-cache
cache-control: no-cache, no-store, max-age=0
expires: -1
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 24 Mar 2023 14:10:44 GMT
content-length: 987
set-cookie: ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:45|i:206917|e:22; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:45|g:0765c13e-59ef-480f-b053-79b03d2d0cf1; Expires=Fri, 24-Mar-2023 14:11:14 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:45|g:0765c13e-59ef-480f-b053-79b03d2d0cf1|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 24-Mar-2023 14:11:14 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 24-Mar-2023 14:11:14 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:45|i:206917; Expires=Fri, 24-Mar-2023 14:11:14 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:45|i:206917|e:22; Expires=Fri, 24-Mar-2023 14:11:14 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=BF543216228389E508267A5D49B7CE8B; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 23-Mar-2024 14:10:44 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202303240710441103824416; domain=.wellsfargo.com; path=/; expires=21 Mar 2033 14:10:44 GMT; secure=true; SameSite=Lax; HttpOnly
DCID=xd4yZ8Fc60f%2fw7KxFsn+Rs99lkSQB8BK04K9E4Tbc1W1eor6tQ5GgA1HSjohM5Ui; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
_abck=2D77096DBE8EA08F80464883E9D5E33A~-1~YAAQn0ISAs174w2HAQAALyH1Ewmi8GZBQcbzttf0/lZVCAfV9UGjkgCej1gRfTU0OLaptywR5kh/o1Jnpj/qi4GdPX4XCGZa6Me4PkpSZyTLgaMzpnCSETfaPtz5mltGJ1vRQjKkewSFIbSR2hjn397nTRXh/NmoiwWaso9+KwDzFK+DhYZgjH8EIOvFy1iK93ANTfN22VCa6nJoYUG5bo3kVS8P7HAEAmhP9gfEcEtmBZLZQOPtEbP+UjKVbGNYzhB2WkYpYlbz1YpkuJoVQi6evG6jE968nkSXHq8GxfHczAc4JgOaAWdzDFfp46YhkNLvnACqndyxnrw/UZEvnod44P4Ef34FysnjP2KUBZGfDX7sOyEFRhfYK9Vto7PLkw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 23 Mar 2024 14:10:44 GMT; Max-Age=31536000; Secure
bm_sz=E362F86E3F8DA806C7656771F7265D11~YAAQn0ISAs574w2HAQAALyH1ExOAocWA0rX8qn0p66UzSek0aiXSkY6tiaNYvgSxJUJpp8Npc4IU/RRbXkef+ZIqOlT7rEPPL9nCohH9UlKBXWvpUsaM/t3ElY2MFGz1PJEBJGlBWRZ236fpaHRz3BB0Vg+dotE6XnheJbCuWsVzyKvFpO1V2b1SQI4Ku3Zf2p5z+gek2Z3SiFyj8/M2nUgTzFs4lmeRhq1XZ7LJxAP+WGM/xNoDHbodmVVHq4OUbMaSl7B48WpuAASCQxgpdE00nszLdLdiid+amAB62DkmIo2qrocy~3425349~3289398; Domain=.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 18:10:44 GMT; Max-Age=14400
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e%3A0&_cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063&pv=2&f_cls_s=true
23.36.79.9 200 OK 1.2 kB URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e%3A0&_cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063&pv=2&f_cls_s=true
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5109), with no line terminators
Hash 0a429121a9a2fe7fc5a7f6b71519481d
f154de4aa6d4ea3ab082fe7384b0661e98f5054d
008e20f40cbaae90a32f870a6bee15672946ea0d44f4c7424582962521778b49
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e%3A0&_cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://webpa-landing-dzenai.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1188
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 24 Mar 2023 14:10:44 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
_cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; Secure; SameSite=None;HttpOnly;Secure
_cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!SfLPOlODCc9R6fzpnNE5eVRfS7HzY0mBq4dJL/DL/9MvnEzuLy89HNC0n7nYloB02flGpr2jXQU6xw==; path=/; Httponly; Secure
DCID=IJShIR7foplSU9Tu%2f02IJfn9MdV5TUdhEvhQoYtldsfYFfA+aZ4C9q8%2fzW5A1QY3; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054911&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-238607-16%7Etcm%3A91-228643-32
144.126.226.199 200 OK 43 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054911&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-238607-16%7Etcm%3A91-228643-32
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
GET /assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054911&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-238607-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: image/gif
content-length: 43
last-modified: Fri, 24 May 2013 20:08:06 GMT
etag: "519fc8a6-2b"
expires: Thu, 23 Mar 2023 14:10:44 GMT
cache-control: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
date: Fri, 24 Mar 2023 14:10:44 GMT
set-cookie: DCID=fXZ%2fs1TRL3eFzC8B2SwvEOK25WOBBnwM2mu1nZcKgI+Tq9IAmk%2fDwlaVjis+RiVi; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
c1.wfinterface.com/tracking/ga/ga.js
23.36.79.32 200 OK 20 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/ga.js
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (49163)
Hash d76c07f3794667edfb1c8ac0df3aac66
23e1915175dad06223c692b49c7b3c2aad1a5820
e0a246ff71144016a26e53493b8275a3a02b9386c690a169801840072851136b
GET /tracking/ga/ga.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Fri, 24 Mar 2023 14:10:44 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=sHbq6a%2fiUBs0rMUVBBIYvg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054924&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-238608-16%7Etcm%3A91-228643-32
144.126.226.199 200 OK 43 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054924&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-238608-16%7Etcm%3A91-228643-32
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
GET /assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054924&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-238608-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: image/gif
content-length: 43
last-modified: Fri, 24 May 2013 20:08:06 GMT
etag: "519fc8a6-2b"
expires: Thu, 23 Mar 2023 14:10:44 GMT
cache-control: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
date: Fri, 24 Mar 2023 14:10:44 GMT
set-cookie: DCID=cCIkDfxOBnjsK+6uq+LZYan32xOFVkEcZcxMJd9aoJb6a5qRstJY0CgqX21+4Sb4; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
23.36.79.34 200 OK 607 B URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP 23.36.79.34:0
ASN #20940 Akamai International B.V.
File type ASCII text, with CRLF line terminators
Hash 00c66df208db2e1ba86a1bf44853001c
703b030e21167b9bbb52ae54bca96921a886c2dc
ab1989dd07ba1ed256db9131647ea9cb1b3735fac736fd27fb73b4b44c6e45b9
GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 15 Dec 2022 17:56:35 GMT
Vary: Accept-Encoding
ETag: W/"639b5fd3-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Encoding: gzip
Content-Length: 607
Date: Fri, 24 Mar 2023 14:10:44 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=RIGQnzx6aaLuekFLWtgsf5pSFh3HstiO0X1PUbh2SkE%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 35cd7a5cd81e754cc3eeee790b256d66
c2a1720c701d6828742ef283bd6ce8ea5a439c68
0f37de80a2984b67ff881ef5dccb772374fc71a33edf041efff64882a626ba3f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 14:10:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
2549153.fls.doubleclick.net/activityi;src=2549153;type=bisf90;cat=all_a0;ord=8121112840403;gtm=2od8g0;auiddc=1329578291.1679667055;u1=11202303240710411293110133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1?
142.250.74.38 200 OK 309 B URL HTTP/2 2549153.fls.doubleclick.net/activityi;src=2549153;type=bisf90;cat=all_a0;ord=8121112840403;gtm=2od8g0;auiddc=1329578291.1679667055;u1=11202303240710411293110133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1?
IP 142.250.74.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (542), with no line terminators
Hash 3547e0da7e75dcaad70bed74facb771c
e06da4d420b197cdf8137a95143d8dbac69f2ebb
98dd7a147f2682f5d323f229203a14c949d6c0ef1da89e068a9d6c7a08318138
GET /activityi;src=2549153;type=bisf90;cat=all_a0;ord=8121112840403;gtm=2od8g0;auiddc=1329578291.1679667055;u1=11202303240710411293110133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1? HTTP/1.1
Host: 2549153.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 14:10:44 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 309
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 24-Mar-2023 14:25:44 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c1.wfinterface.com/tracking/ga/ec.js
23.36.79.32 200 OK 1.3 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/ec.js
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2771)
Hash 8a1d22ba0de1104dcdc02a582b407ed2
e4d90fd13a73c7379c46b197ded523a5d33c69b9
4a44a1a7efd65360f31e0b1842ad06b7fedc7c0373c69c0077c696cd49cc35de
GET /tracking/ga/ec.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Fri, 24 Mar 2023 14:10:44 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=09h6PC9ROHKyM9QUrEAftw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679667054927&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=2
144.126.226.199 200 OK 43 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679667054927&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=2
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679667054927&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=2 HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: image/gif
content-length: 43
last-modified: Fri, 24 May 2013 20:08:06 GMT
etag: "519fc8a6-2b"
expires: Thu, 23 Mar 2023 14:10:44 GMT
cache-control: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
date: Fri, 24 Mar 2023 14:10:44 GMT
set-cookie: DCID=72jwI6geZYySexZ+e1t%2fVcM3Xei3Ap1yu24bP0KIYIU6PIKUhe95DG+mjxmDo58n; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 35cd7a5cd81e754cc3eeee790b256d66
c2a1720c701d6828742ef283bd6ce8ea5a439c68
0f37de80a2984b67ff881ef5dccb772374fc71a33edf041efff64882a626ba3f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 14:10:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.secure.wellsfargo.com/AIDO/glu.js
23.36.79.34 200 OK 37 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/glu.js
IP 23.36.79.34:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash a07ea3d1ab65f7ad3b4f074fa599f114
e6e9f29b0d24fd24933410ae957a3ff454e3beb3
ba50fd3474de5c0bf94c0cd9bcc9ac98fb38a94f645e730425ac5e6b8d85240a
GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37204
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Fri, 24 Mar 2023 14:10:44 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=xzGSYNJmXVupyx+DrNk3LCtNWVzJf3sYAxaiaYIDezGVpg93pGWwApuHEFkmCYlg; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679667054916&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1
144.126.226.199 200 OK 43 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679667054916&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679667054916&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1 HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: image/gif
content-length: 43
last-modified: Fri, 24 May 2013 20:08:06 GMT
etag: "519fc8a6-2b"
expires: Thu, 23 Mar 2023 14:10:44 GMT
cache-control: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
date: Fri, 24 Mar 2023 14:10:44 GMT
set-cookie: DCID=Uf%2fK90Y9EOkvXX5t4cPRMyyr20VFLJZNAVLuy21t0B8%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash ca3a2cc88f5c8a7669812ec7af0e14bf
fbb85820ada745d1e030c13874f96b14f8544884
d61b12522a039a526703bd7f747ae3614b660f1bc001044585c3c72907568d83
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 14:10:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
webpa-landing-dzenai.com/as/jsLog
144.126.226.199 200 OK 0 B URL HTTP/1.1 webpa-landing-dzenai.com/as/jsLog
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
fortinet Phishing
POST /as/jsLog HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 156
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
pragma: no-cache
cache-control: no-cache, no-store, max-age=0
expires: -1
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-length: 0
date: Fri, 24 Mar 2023 14:10:44 GMT
set-cookie: ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:45|i:206917|e:22; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:45|g:d948a580-da4f-4de0-b511-95a8f4730c77; Expires=Fri, 24-Mar-2023 14:11:14 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:45|g:d948a580-da4f-4de0-b511-95a8f4730c77|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 24-Mar-2023 14:11:14 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 24-Mar-2023 14:11:14 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=F6056F66441781F34C541005D2C2B9DA; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 23-Mar-2024 14:10:44 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202303240710441779321709; domain=.wellsfargo.com; path=/; expires=21 Mar 2033 14:10:44 GMT; secure=true; SameSite=Lax; HttpOnly
ADRUM_BT1=R:45|i:206915; Expires=Fri, 24-Mar-2023 14:11:14 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:45|i:206915|e:5; Expires=Fri, 24-Mar-2023 14:11:14 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:45|i:206915|e:5|d:1; Expires=Fri, 24-Mar-2023 14:11:14 GMT; Path=/; Secure; SameSite=Lax; Httponly
DCID=YcZByXedS89Rv1HO4srQPdge0VgpEmASyOQgPG6jFEo%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
_abck=53399820E755CC9723725A136F5726DD~-1~YAAQn0ISAtl74w2HAQAAbyL1EwnYZ72qLAkBs1lsu0OPx9HxWZ5s60IM1dkKlQSmmcflVeT+A7rV4233fooFTQkl9JHSzTX4dcNfOG+gAgUZkRGsOBnohCTjM/CSxkvLvDBYVBY3Cdpg3Q/2R61xgUVnMbo0vgVorgTz1XYR+M1XnV1MuAi/8xH/2ltK7DjLMcQTCdUcEe9vmfl5oUa/PhwgpznWIfGQuvhizg/aY5NpgB+IpCLgJ/gGspE3/I6KqJDURv2cIcroLl9OgFLwAKT5K0mTEJNUOpDSTubZg+Q9rpwP9dluIjIBiV6zHB2t5ftlMXnu6oN1Y951+OwJwo8AnDAR+/5t9NFVLMPFxYw292tK73N5FLZWwuEPyn8QVw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 23 Mar 2024 14:10:44 GMT; Max-Age=31536000; Secure
bm_sz=0AFC4AA94F2CCB15E4E694D2BE1015CD~YAAQn0ISAtp74w2HAQAAbyL1ExOk7eCFchdDHoeuTJw4hlyypTGO2MOjhaIav+TOVJf0JMIEviNcnMHkhV71bcrwOby2Dzbb0DeP2cAYlYNvKLdygVuqBGRVqzhZ76oK2VAJZYiqYjpdXVR8l3ZTZRqg8rxFNgf52KAaWG7I4oLFdFS+Jmfgvp2RTiGgPhUMdMqAfJUGyqdKPYNM0iYVTTYPbs1zDzL3OUAA3r5QxioKGtStIKxezMdITW1VtT1Q73voKFmHrzSEdqmNfe/brofXwn9kKF32o1nxBWLr9J9p9fi0dLJ+~3425349~3289398; Domain=.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 18:10:44 GMT; Max-Age=14400
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054904&offerType=iaRendered&slotId=WF_BIZ_HP_PRIMARY_BNR&offerId=B_oth_sbcybersecurityrsvp_bishhipprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254032-16%7Etcm%3A91-223657-32
144.126.226.199 200 OK 43 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054904&offerType=iaRendered&slotId=WF_BIZ_HP_PRIMARY_BNR&offerId=B_oth_sbcybersecurityrsvp_bishhipprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254032-16%7Etcm%3A91-223657-32
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
GET /assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054904&offerType=iaRendered&slotId=WF_BIZ_HP_PRIMARY_BNR&offerId=B_oth_sbcybersecurityrsvp_bishhipprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254032-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: image/gif
content-length: 43
last-modified: Fri, 24 May 2013 20:08:06 GMT
etag: "519fc8a6-2b"
expires: Thu, 23 Mar 2023 14:10:44 GMT
cache-control: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
date: Fri, 24 Mar 2023 14:10:44 GMT
set-cookie: DCID=Qjg0itntv6HfstIs2fysk5iz%2f7IHFDQ8YgErE9+vLmw%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=98098185&t=pageview&_s=1&dl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F&dr=https%3A%2F%2Fwebpa-landing-dzenai.com%2F&ul=en-us&de=UTF-8&dt=Small%20Business%20Banking%2C%20Loans%20%26%20Insights%20%7C%20Wells%20Fargo&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=1591698439&gjid=1414342465&cid=871814339.1679667056&tid=UA-107148943-1&_gid=2079939037.1679667056&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202303240710411293110133&cd12=BROWSER&cd22=hp&cd23=4.49.0&gtm=2ou8g0&cd35=871814339.1679667056&z=1170960545
142.250.74.142 200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=98098185&t=pageview&_s=1&dl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F&dr=https%3A%2F%2Fwebpa-landing-dzenai.com%2F&ul=en-us&de=UTF-8&dt=Small%20Business%20Banking%2C%20Loans%20%26%20Insights%20%7C%20Wells%20Fargo&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=1591698439&gjid=1414342465&cid=871814339.1679667056&tid=UA-107148943-1&_gid=2079939037.1679667056&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202303240710411293110133&cd12=BROWSER&cd22=hp&cd23=4.49.0&gtm=2ou8g0&cd35=871814339.1679667056&z=1170960545
IP 142.250.74.142:0
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j92&aip=1&a=98098185&t=pageview&_s=1&dl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F&dr=https%3A%2F%2Fwebpa-landing-dzenai.com%2F&ul=en-us&de=UTF-8&dt=Small%20Business%20Banking%2C%20Loans%20%26%20Insights%20%7C%20Wells%20Fargo&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=1591698439&gjid=1414342465&cid=871814339.1679667056&tid=UA-107148943-1&_gid=2079939037.1679667056&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202303240710411293110133&cd12=BROWSER&cd22=hp&cd23=4.49.0&gtm=2ou8g0&cd35=871814339.1679667056&z=1170960545 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://webpa-landing-dzenai.com
date: Fri, 24 Mar 2023 14:10:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c1.wfinterface.com/tracking/ga/ga_conversion_async.js
23.36.79.32 200 OK 14 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/ga_conversion_async.js
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (35846)
Hash 42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Fri, 24 Mar 2023 14:10:45 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=hAuwHIwGpvKID7+xYslYxw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054932&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-238609-16%7Etcm%3A91-228643-32
144.126.226.199 200 OK 43 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054932&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-238609-16%7Etcm%3A91-228643-32
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
GET /assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054932&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-238609-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: image/gif
content-length: 43
last-modified: Fri, 24 May 2013 20:08:06 GMT
etag: "519fc8a6-2b"
expires: Thu, 23 Mar 2023 14:10:44 GMT
cache-control: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
date: Fri, 24 Mar 2023 14:10:45 GMT
set-cookie: DCID=o4NzKRb%2fMd23IVHV0Sxfuo8IXOYeug7i9nlur9FdhHnSf82BXPXcMN0SDuh3FsUm; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
tag-wellsfargo.nod-glb.nuance.com/tagserver/frame-bridge.js
8.39.193.5 200 OK 5.9 kB URL HTTP/1.1 tag-wellsfargo.nod-glb.nuance.com/tagserver/frame-bridge.js
IP 8.39.193.5:0
ASN #54396 NUANCE-MOBILITY
Hash 0ceb2e3aaf3130b64517eee5e5583179
49fb8fbb16b1585e19a8911f59cd7ea234c5b607
9d486489da6c1ff7c439641bc384a2e0c9e4da32c2ab73f71d1fffc4bacefc5b
GET /tagserver/frame-bridge.js HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/tagserver/nuanceChat.html?UUID=WF_10006005
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=3600
P3P: policyref="http://tag-wellsfargo.nod-glb.nuance.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND
ETag: "+YmUhczVC0A"
Last-Modified: Wed, 18 Jan 2023 03:46:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Content-Length: 5926
Date: Fri, 24 Mar 2023 14:10:44 GMT
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash ca3a2cc88f5c8a7669812ec7af0e14bf
fbb85820ada745d1e030c13874f96b14f8544884
d61b12522a039a526703bd7f747ae3614b660f1bc001044585c3c72907568d83
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 14:10:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash ac8d4dabc0044d3f9300e6f09b86bc68
331a761e7d051c94831a30254ca3ce25b2e7dd2d
05ef2753d9e9b8cd1f09c88eb1cc42ee88ffd4db561c9a05e069373c24112d60
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 14:10:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=8121112840403;gtm=2od8g0;auiddc=1329578291.1679667055;u1=11202303240710411293110133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1
216.58.211.2 200 OK 307 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=8121112840403;gtm=2od8g0;auiddc=1329578291.1679667055;u1=11202303240710411293110133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1
IP 216.58.211.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (541), with no line terminators
Hash 0c074cfaf89866c02f423e301d467b64
2667de4a9279e01238f551b37d8c30e2d1b250fc
7eebe26b295e077eaf221afa20088d46ef953da1f4a2b74240cb622aa2f30c8b
GET /ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=8121112840403;gtm=2od8g0;auiddc=1329578291.1679667055;u1=11202303240710411293110133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1 HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2549153.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 14:10:45 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 307
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash af767a0f38aa932dc23106c403e9b5f3
5a5662e147f43d1561ba78517738f6be86eb2cde
359fea0fbdd5740a613795d4491c534ebf14e2ffb55edf78c80dc0dde78c42e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 14:10:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=871814339.1679667056&jid=1591698439&gjid=1414342465&_gid=2079939037.1679667056&_u=4GBACUAKBAAAAC~&z=13530064
209.85.233.154 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=871814339.1679667056&jid=1591698439&gjid=1414342465&_gid=2079939037.1679667056&_u=4GBACUAKBAAAAC~&z=13530064
IP 209.85.233.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=871814339.1679667056&jid=1591698439&gjid=1414342465&_gid=2079939037.1679667056&_u=4GBACUAKBAAAAC~&z=13530064 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://webpa-landing-dzenai.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 14:10:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679667054935&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=3
144.126.226.199 200 OK 43 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679667054935&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=3
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679667054935&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=3 HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: image/gif
content-length: 43
last-modified: Fri, 24 May 2013 20:08:06 GMT
etag: "519fc8a6-2b"
expires: Thu, 23 Mar 2023 14:10:45 GMT
cache-control: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
date: Fri, 24 Mar 2023 14:10:45 GMT
set-cookie: DCID=NgkYUA84nhB%2fAYbEbNaCyKVcNq6ZR8ZevqrOQIkF054%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:45 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
52.32.5.41 200 OK 497 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP 52.32.5.41:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 27ccb5baf4bfa92968d7dc1d04e2bb6d
21570bbf6f0197c9e8987f57eaf9e7eb3e61593d
691d3edbfafbfaec709ee5f7baec640c45651a7ab6cce3da800ce704636a9391
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 24 Mar 2023 14:10:44 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash af767a0f38aa932dc23106c403e9b5f3
5a5662e147f43d1561ba78517738f6be86eb2cde
359fea0fbdd5740a613795d4491c534ebf14e2ffb55edf78c80dc0dde78c42e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 14:10:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054938&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-238610-16%7Etcm%3A91-228643-32
144.126.226.199 200 OK 43 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054938&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-238610-16%7Etcm%3A91-228643-32
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
GET /assets/images/global/s.gif?log=1&pid=702-225258-64&pageUrl=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1&cb=1679667054938&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-238610-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: image/gif
content-length: 43
last-modified: Fri, 24 May 2013 20:08:06 GMT
etag: "519fc8a6-2b"
expires: Thu, 23 Mar 2023 14:10:45 GMT
cache-control: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
date: Fri, 24 Mar 2023 14:10:45 GMT
set-cookie: DCID=C2lHqdFKTWZW9fCB7ZgfhGrAreNBeY22XwVk1IKRVjINEXgDpdYQme7405Y2vsVj; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:45 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash b0ed7d316212efa2b3ef7d98d24b9125
2f2078419c164074981bb5451e5c8e0de4fe17ec
99584b096bb7545bb0fdd5f435b4444c7c3ad6c42a86844fb39ea8228bc6a21f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 14:10:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.6712786100600585
23.36.79.34 200 OK 51 kB URL HTTP/1.1 connect.secure.wellsfargo.com/PIDO/pic.js?r=0.6712786100600585
IP 23.36.79.34:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash a4b2ed3e2ff4f1227596bdd8cada367a
baf3b71ae89b8b0013a78eedb4ac1df317d82e65
199d772fec3323a2009c4fbf097539928e08671ea2b8a956c428fc6f9773c0e9
GET /PIDO/pic.js?r=0.6712786100600585 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 51337
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 24 Mar 2023 14:10:45 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=y3jQd+Vl1X6zk51OrDDskM4BVlx3rUDg2wjSn5QhOuY%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
adservice.google.no/ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=8121112840403;gtm=2od8g0;auiddc=1329578291.1679667055;u1=11202303240710411293110133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1
142.250.74.130 200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=8121112840403;gtm=2od8g0;auiddc=1329578291.1679667055;u1=11202303240710411293110133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=8121112840403;gtm=2od8g0;auiddc=1329578291.1679667055;u1=11202303240710411293110133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F%3Fproxy%3D1 HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 14:10:45 GMT
expires: Fri, 24 Mar 2023 14:10:45 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679667054942&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=4
144.126.226.199 200 OK 43 B URL HTTP/1.1 webpa-landing-dzenai.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679667054942&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=4
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
urlquery phishing Phishing - Wells Fargo
GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679667054942&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=4 HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; ADRUM_BTa=R:45|g:46d3f175-7b30-4a63-b0f9-f87ad9a3af6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206917|e:22; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: image/gif
content-length: 43
last-modified: Fri, 24 May 2013 20:08:06 GMT
etag: "519fc8a6-2b"
expires: Thu, 23 Mar 2023 14:10:45 GMT
cache-control: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
date: Fri, 24 Mar 2023 14:10:45 GMT
set-cookie: DCID=dKCs0VeWb5M7fJMfB6d+1eNpAf4S+bPNAmGXxDDhHLw%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:45 GMT;Httponly; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains
access-control-allow-origin: *
connection: close
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash b0ed7d316212efa2b3ef7d98d24b9125
2f2078419c164074981bb5451e5c8e0de4fe17ec
99584b096bb7545bb0fdd5f435b4444c7c3ad6c42a86844fb39ea8228bc6a21f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 14:10:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.secure.wellsfargo.com/AIDO/vyHb?d=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&cid=15%2C16&si=2&e=https%3A%2F%2Fwebpa-landing-dzenai.com&t=jsonp&c=ak_fprddiszmslzb&eu=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F
23.36.79.34 200 OK 90 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=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&cid=15%2C16&si=2&e=https%3A%2F%2Fwebpa-landing-dzenai.com&t=jsonp&c=ak_fprddiszmslzb&eu=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F
IP 23.36.79.34:0
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash 01d1a7a4b9c54da0834d4682b83f193c
9ed147c5c91b732a7650d95eed6959aa2e21c385
408ebf2ff90f99090ef6d83a29d873df73f85f927fdd9375638b1a8d87483915
GET /AIDO/vyHb?d=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&cid=15%2C16&si=2&e=https%3A%2F%2Fwebpa-landing-dzenai.com&t=jsonp&c=ak_fprddiszmslzb&eu=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Fri, 24 Mar 2023 14:10:45 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=dMzYc9q%2ferTnJfXwIzk53VwoQ+v3znMCg04U2ny1Hro%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:45 GMT;Httponly; Secure
_abck=0B8C726D70F0EBFDC420C399B7E4107F~-1~YAAQHk8kF2R7eBOHAQAA+iP1Ewl1XNh08yUuRa5wR0Ngytz/U+Zq/lSGUmfSW5Ma8N4wR3w1biv1K1cIriOuYlNSRsyM5RZ7pSTmYUs82y1rGYoW1k9BbdAZZRVRUIn0Wo3aE1qy/Lltu4uMbHWSHCYTQ3SF013rQKLHDZ4bztE++oW2yk11RTe/FEw4/sFlX03SnCC7FnIgH3qu0nAkOBgUGi3Bp4zewiQ3WcA3XWrsmU1Ok4CMV4k6oB6rtV9RNHnOkIHUfIQJ/TVHwVaj9xnrGHg023/N0yrGbZg1etgmH+HtDhENZKTzbvzyz0Kw+OyOraO05y7NF9O7lVO3kQTVpca7TzE8hpafcP9/vrkKLfqdCe2p5rfgkVDLpPA++Q==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 23 Mar 2024 14:10:45 GMT; Max-Age=31536000; Secure
bm_sz=57850551CBBF95E9977FF2BE6A99732B~YAAQHk8kF2V7eBOHAQAA+iP1ExNqv41TW90Dqf6rybMzrkfqaFiTgL6hnmBou0LL2cMkaAo8did3CfV3/rw/T8iU/t7wY50PXOhrZ9nCamADQo+kXkzWHZ3sEKW3uF17T+alSt0KPi1EgYCOxRVi+naErsylGcjfFe0WVpTdvj0vh0iUypwe1tY5I+gVnmZy/5uo/aR1wHegy8BHnkxW7EgYJ/zJeNybOV+Tfm9TbUUIQgB8wmXoaFLXzvyRZSkKMpu5564SfmkQBAq7iIjOHLv95B5ipFaMBrF5XDhWxeztqrmyU+8R~3289155~3684165; Domain=.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 18:10:45 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
tag-wellsfargo.nod-glb.nuance.com/chatskins/launch/inqChatLaunch10006005.js?chatVersion=sdk
8.39.193.5 200 OK 2.0 kB URL HTTP/1.1 tag-wellsfargo.nod-glb.nuance.com/chatskins/launch/inqChatLaunch10006005.js?chatVersion=sdk
IP 8.39.193.5:0
ASN #54396 NUANCE-MOBILITY
File type ASCII text, with very long lines (1087)
Hash add2172369fbf783ce5a92295fc73145
d0f63fc1ad8b6014aee7812b5cb71353aab06ad7
8cefaa9e8323f2a7cbfbe772a849da7360d724f369e29ddb071a53c291395d8d
GET /chatskins/launch/inqChatLaunch10006005.js?chatVersion=sdk HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/tagserver/nuanceChat.html?UUID=WF_10006005
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: no-cache
ETag: "6rhlFNuzwWq"
Last-Modified: Wed, 08 Feb 2023 03:20:57 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Type: application/javascript
Content-Length: 2007
Date: Fri, 24 Mar 2023 14:10:45 GMT
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.7569780458288251
23.36.79.34 200 OK 136 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.7569780458288251
IP 23.36.79.34:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 136 kB (136520 bytes)
Hash 57635e264ff1a8713568105042b42112
910e1f8ce71d21314fc395d1a0e6a106927e2f9c
0af93884f10552c88c6bf974045a64d9cc7296f9a82a1ae6f8feecf6e044c259
GET /AIDO/mint.js?dt=login&r=0.7569780458288251 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 136520
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 24 Mar 2023 14:10:45 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=MhmGanbT28Di540vfII6vn+IDnlCHH9otPxjA443K1HP0TFz+X8WEF5%2fspIJZ7B0; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:44 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/jenny/nd
23.36.79.34 200 OK 18 kB URL HTTP/1.1 connect.secure.wellsfargo.com/jenny/nd
IP 23.36.79.34:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2293)
Hash a76ae3fc96afdb6b244b4ab647911e5b
44ea1b9c0612c25586064cc78e88eb1b20898702
3ba955d7b580bd4dda2450792167cd768c80af14baf1a70a8fdb10ae3e75483d
GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17982
Date: Fri, 24 Mar 2023 14:10:45 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:33|g:798846c9-aee2-4482-8709-0ecb59999dff; Expires=Fri, 24 Mar 2023 14:11:15 GMT; Path=/; Secure
ADRUM_BTa=R:33|g:798846c9-aee2-4482-8709-0ecb59999dff|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 24 Mar 2023 14:11:15 GMT; Path=/; Secure
SameSite=None; Expires=Fri, 24 Mar 2023 14:11:15 GMT; Path=/; Secure
ADRUM_BT1=R:33|i:302812; Expires=Fri, 24 Mar 2023 14:11:15 GMT; Path=/; Secure
ADRUM_BT1=R:33|i:302812|e:3; Expires=Fri, 24 Mar 2023 14:11:15 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=aV7ARqa%2fU5RscJFS8ZV9hzvB0rVAkYYl4Zh3DtfNJuymJGQ4wYXxaO%2fT0Lu9yzno; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:45 GMT;Httponly; Secure
_abck=8564FFDA64AB89E9EBF1B50BE513ABFA~-1~YAAQHk8kF3B7eBOHAQAAwCX1EwnI+u8EOyRtZebZNQ+ImEVy/Ol0GiwymLTFSz185aJIe0xMs0SOGWX5VyzFZo5+4KLV/3Nty/CKVfc4NxS+nL8IQzoRB5AyjhQTTbjctgyST2OgHxoRlYfVuHU+tAZY7spgIOdLcwK4Lwy11/J8O//xLSQdXo31wwtxlGP3O7m6zOYKlcXt2AZYmlHxagOON8L7lCS028hVsF4ENEccK4J1+2XtzAip2895QNxui19BnjrvW2EONiQZid3RQUoEiqP3/t7kBwRsK29xj4I5hEoU6+guGVsDwaNbc9EMbJ8Y6bLTWKeURNzBiabNyLmb4ERhovLyi4LabMX/y6KGdQ20Pe9t3Igz5ED7Z/fIVA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 23 Mar 2024 14:10:45 GMT; Max-Age=31536000; Secure
bm_sz=7639274F6C85042605E8B19F1E00676C~YAAQHk8kF3F7eBOHAQAAwCX1ExMECk9b3VfIP+KalmwStnDD9/GzMz3hNsR2xcHoSTdcTbPgUFDSGij5/ZhELFqCgkIlyZCxrQGWelUqJU961x8Uv4n4mJuHvciLZ5AUPCq/sLqJ4kmAJKlyK9Sg4fC5wnHJJtTcxZ2W1td/R1gDbUcbUXqfriTtVANrRLt9hx1uzlSteQMBpyy2xSRcdXxWp7KCzDgnNHhV+F6RGi1SriOk8avT8zM9r88lA3OF+1UhHJ1EQvRTvA+E+XSeXkerfGVSsuupIO3p7mnlVKI4MU0JuYH9~3289155~3684165; Domain=.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 18:10:45 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1679667055716&cv=9&fst=1679667055716&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F&ref=https%3A%2F%2Fwebpa-landing-dzenai.com%2F&tiba=Small%20Business%20Banking%2C%20Loans%20%26%20Insights%20%7C%20Wells%20Fargo&hn=www.google.com&async=1
142.250.74.34 302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1679667055716&cv=9&fst=1679667055716&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F&ref=https%3A%2F%2Fwebpa-landing-dzenai.com%2F&tiba=Small%20Business%20Banking%2C%20Loans%20%26%20Insights%20%7C%20Wells%20Fargo&hn=www.google.com&async=1
IP 142.250.74.34:0
File type GIF image data, version 89a, 1 x 1
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/984436569/?random=1679667055716&cv=9&fst=1679667055716&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F&ref=https%3A%2F%2Fwebpa-landing-dzenai.com%2F&tiba=Small%20Business%20Banking%2C%20Loans%20%26%20Insights%20%7C%20Wells%20Fargo&hn=www.google.com&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 14:10:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/984436569/?random=1679667055716&cv=9&fst=1679666400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F&ref=https%3A%2F%2Fwebpa-landing-dzenai.com%2F&tiba=Small%20Business%20Banking%2C%20Loans%20%26%20Insights%20%7C%20Wells%20Fargo&async=1&is_vtc=1&random=1195689913&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 24-Mar-2023 14:25:45 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 608321b2d7d9f849b46e7fb22419d291
6d6d7ea8959a3ac466cbb69b5e08547ad1bc6207
da8bf75801fbc541fccc8c44d03b9ceba2f92bddeafe0c54f260072eabb28d81
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 14:10:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=871814339.1679667056&jid=1591698439&_u=4GBACUAKBAAAAC~&z=2095964107
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=871814339.1679667056&jid=1591698439&_u=4GBACUAKBAAAAC~&z=2095964107
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=871814339.1679667056&jid=1591698439&_u=4GBACUAKBAAAAC~&z=2095964107 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 14:10:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=871814339.1679667056&jid=1591698439&_u=4GBACUAKBAAAAC~&z=2095964107
142.250.74.132 200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=871814339.1679667056&jid=1591698439&_u=4GBACUAKBAAAAC~&z=2095964107
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=871814339.1679667056&jid=1591698439&_u=4GBACUAKBAAAAC~&z=2095964107 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 14:10:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/984436569/?random=1679667055716&cv=9&fst=1679666400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F&ref=https%3A%2F%2Fwebpa-landing-dzenai.com%2F&tiba=Small%20Business%20Banking%2C%20Loans%20%26%20Insights%20%7C%20Wells%20Fargo&async=1&is_vtc=1&random=1195689913&resp=GooglemKTybQhCsO
142.250.74.132 302 Found 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/984436569/?random=1679667055716&cv=9&fst=1679666400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F&ref=https%3A%2F%2Fwebpa-landing-dzenai.com%2F&tiba=Small%20Business%20Banking%2C%20Loans%20%26%20Insights%20%7C%20Wells%20Fargo&async=1&is_vtc=1&random=1195689913&resp=GooglemKTybQhCsO
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/984436569/?random=1679667055716&cv=9&fst=1679666400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F&ref=https%3A%2F%2Fwebpa-landing-dzenai.com%2F&tiba=Small%20Business%20Banking%2C%20Loans%20%26%20Insights%20%7C%20Wells%20Fargo&async=1&is_vtc=1&random=1195689913&resp=GooglemKTybQhCsO HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 14:10:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-user-list/984436569/?random=1679667055716&cv=9&fst=1679666400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwebpa-landing-dzenai.com%2Fbiz%2F&ref=https%3A%2F%2Fwebpa-landing-dzenai.com%2F&tiba=Small%20Business%20Banking%2C%20Loans%20%26%20Insights%20%7C%20Wells%20Fargo&async=1&is_vtc=1&random=1195689913&resp=GooglemKTybQhCsO&ipr=y
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
52.32.5.41 200 OK 43 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP 52.32.5.41:0
File type GIF image data, version 89a, 1 x 1
Hash bff56ce49dd485d195fdfa0a02342568
74fb4071deab7d3ab083562067b735df32c43397
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 12988
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 24 Mar 2023 14:10:45 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:33|g:da0cca01-0c54-43fc-a7bf-45ade5fddb30; Path=/; Expires=Fri, 24-Mar-2023 14:11:15 GMT; Max-Age=30
ADRUM_BTa=R:33|g:da0cca01-0c54-43fc-a7bf-45ade5fddb30|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Fri, 24-Mar-2023 14:11:15 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Fri, 24-Mar-2023 14:11:15 GMT; Max-Age=30; Secure
ADRUM_BT1=R:33|i:559461; Path=/; Expires=Fri, 24-Mar-2023 14:11:15 GMT; Max-Age=30
ADRUM_BT1=R:33|i:559461|e:4; Path=/; Expires=Fri, 24-Mar-2023 14:11:15 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
media-wellsfargo.nod-glb.nuance.com/media/launch/sdkChatLoader.min.js?codeVersion=1675826440001
8.39.193.5 200 OK 2.3 kB URL HTTP/1.1 media-wellsfargo.nod-glb.nuance.com/media/launch/sdkChatLoader.min.js?codeVersion=1675826440001
IP 8.39.193.5:0
ASN #54396 NUANCE-MOBILITY
File type ASCII text, with very long lines (7108), with no line terminators
Hash 69248df2e4cd19badf361961108eec5e
86054d9394816797a159f91274bf9c97033a9024
4879bdd8f9d0bd0597e5df3170a4164ca2ca3aaab294b91dd49332db9d36f290
GET /media/launch/sdkChatLoader.min.js?codeVersion=1675826440001 HTTP/1.1
Host: media-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
ETag: "6Cu8yUJ1UkL"
Last-Modified: Wed, 18 Jan 2023 03:50:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Content-Length: 2292
Date: Fri, 24 Mar 2023 14:10:46 GMT
webpa-landing-dzenai.com/dti_apg/api/dip/v1/dip
144.126.226.199 200 OK 133 B URL HTTP/1.1 webpa-landing-dzenai.com/dti_apg/api/dip/v1/dip
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data, ASCII text, with no line terminators
Hash 6af040301dd2fd7271e777f3fd36fa9a
ee34b901b235b07ff49a1c1815a1b1ff51829e64
73fae6b380c67ef6bbc465fbc5bfca06a509e89ecd9b1144ccc12fd4c616bf25
Analyzer Verdict Alert fortinet Phishing
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2032
Origin: https://webpa-landing-dzenai.com
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%2C%22c%22%3A%22RkhhRE5GOHhtV2thb0oyTA%3D%3DUGzGAEr7lkHwkIqXhkfqrs-whxqXbJ3UvjqC7WMz7SzHrMbWljB-6PHh7gsBQf2WQVwLVzzENzaid6fJc-wc28khCN_QnAYgEs0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.1329578291.1679667055; _ga=GA1.2.871814339.1679667056; _gid=GA1.2.2079939037.1679667056; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoiazFKVUpsa3N3OTBBMW9KaWM4SHpidz09IiwiZSI6Ik94VHZ3dmZYM2xqaXVBT25semtNVkZaWDdRN0J0Vm5yNEozY1ZJK1VCNVwvY3pKb1RWMU9yTlMxNzhjNExLUE1WNllqXC9IeXd6OGI2VWVKVTMxbXRSUXlnWFVmSkpFRVZcL0ZCWlpKNVJvc0FkOGgreG01ckhWQ3FKQko1eWlMZGpueXo5N0MzT2Z0Z3VQRlltYkNEWXVJdz09In0%3D.2629f9fe0c3d720f.YjkzNjFmMWI2MDA3YmM2YzIyMTllZDI4YTkyN2MzZTJjZTRkMTliODg2ZWFmNDZhMDhlY2RjY2RhYmY2ZmNlMQ%3D%3D; ADRUM_BTa=R:45|g:d948a580-da4f-4de0-b511-95a8f4730c77|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206915|e:5|d:1; ndsid=ndsa008fzgi5y0buvlfmmebhn
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
access-control-allow-origin: *
vary: Origin, Accept-Encoding
x-envoy-upstream-service-time: 16
x-akamai-transformed: 9 206 0 pmb=mTOE,1
content-encoding: gzip
date: Fri, 24 Mar 2023 14:10:46 GMT
content-length: 133
set-cookie: DCID=RcgQFW8Il13StPhlcgLpPHRjqXJHqX4jdUs4bCWL6WM%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:46 GMT;Httponly; Secure
_abck=6265853161C76308F0852830957AC595~-1~YAAQn0ISAhV84w2HAQAAMyj1EwkFwkomuG0wvxC9kAuNcc3ree+9sODIBkXhX8gS6eKj2w5k/5bQRxhuZoFufFZo6AZDrhNGLgnvCaBnMSW4aahCsEw+VnXDjAvHdUOgARVZ+RxKayLSdWRa2L9O+5zyTESItbyfkBKrxIY9CocWokPDz1inD3Yjr1e9FzsImOrAPlKseM2Ms9UG+DJn8DayEds5RxrN9cVhlrJ8RL+5uMEBfDqlc288bROkQpV9icUMD+Ap5pOYIN/Mw8Sw7/TSUd2WADUHkIFcP2Je1ZUlf+KEnMkNRDcBtdwCSowWKAav017luQpesYDMOZUEtAVD2b3ZsZO4W5nH236PHs82nRWeGx7QQomlrnYW5NYOBQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 23 Mar 2024 14:10:46 GMT; Max-Age=31536000; Secure
bm_sz=3BF2AEBD3BC6FA850739C39BE17CA20A~YAAQn0ISAhZ84w2HAQAAMyj1ExMbnqbijSEC5zQa7w7lzbVbsxbbjUCak0weAuquI5RE1RS0RC4wxiXwpTz5f2ENU0q+H+GBl2MTxacc98tu/x9lvmX+CSaWjkjn9s6sTZkFOKYZZWkSqaM1h4fKJ6LoQZ9iHSy0/lrRbApkj0yVkkQUxd1ZGgp5buWqVWb/h1xaNOjjboA08SUiAYGYgJAmuawmskBzI0f/J41HtlPZfXaHhNGyeAip4257EQKslOt/yy9VxDA1eIeY2iMnOEGjKR6CW5C7DWENB8bLOJe0Kb2PccSc~4601922~3289650; Domain=.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 18:10:46 GMT; Max-Age=14400
strict-transport-security: max-age=31536000 ; includeSubDomains
connection: close
media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_helper.js?codeVersion=1675826440001
8.39.193.5 200 OK 32 kB URL HTTP/1.1 media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_helper.js?codeVersion=1675826440001
IP 8.39.193.5:0
ASN #54396 NUANCE-MOBILITY
File type Unicode text, UTF-8 text, with very long lines (59866)
Hash 6e83fb250c5d1a79354ac3e251df273c
4f677cebd9af75332446a25b6cbe632f359af825
802b7e0e001720cc82d6a5573f7d139d3914199c397bd0c9a1c9ce0e92f9b6e4
GET /media/launch/site_10006005_default_helper.js?codeVersion=1675826440001 HTTP/1.1
Host: media-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
ETag: "9h/40Oh9PoS"
Last-Modified: Wed, 08 Feb 2023 03:20:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Transfer-Encoding: chunked
Date: Fri, 24 Mar 2023 14:10:46 GMT
media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_jssdk.js?codeVersion=1675826440001
8.39.193.5 200 OK 26 kB URL HTTP/1.1 media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_jssdk.js?codeVersion=1675826440001
IP 8.39.193.5:0
ASN #54396 NUANCE-MOBILITY
File type ASCII text, with very long lines (5905)
Hash 854e419a937ab42b92e2133a43046f3e
6717bc93724b3b2e88057f33c2b23fe96e370f01
280967aded448b04b8059a87425ca2ae88edfce1134c21e7c303a67fa2e74dd8
GET /media/launch/site_10006005_default_jssdk.js?codeVersion=1675826440001 HTTP/1.1
Host: media-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
ETag: "FsuLzhzSnJx"
Last-Modified: Wed, 08 Feb 2023 03:20:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Transfer-Encoding: chunked
Date: Fri, 24 Mar 2023 14:10:46 GMT
webpa-landing-dzenai.com/dti_apg/api/imp/v1.0/report/?m&fq=load
144.126.226.199 200 OK 265 B URL HTTP/1.1 webpa-landing-dzenai.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP 144.126.226.199:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data, ASCII text, with no line terminators
Hash 2511c6bdc3fe9a265f86f6192464bf99
f8ef425080773c1d18599b7a73f2d07558d92477
b16fe0dbe63ed5c4b4c434830d3f14fb1e648c596af5f0e64b19369d54437f91
POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: webpa-landing-dzenai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://webpa-landing-dzenai.com/biz/?proxy=1
content-type: text/plain;charset=UTF-8
Origin: https://webpa-landing-dzenai.com
Content-Length: 664
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!i6NTZxd+vzG0GPkGl7IZxfIs0wroUYEWx6N059rEdC2OtG1R6tkERoE2xunA1/jtWR2Ed/iWJbe8rNI=; utag_main=v_id:018713f542f1001e27158d28199800050002d00900918$_sn:1$_se:2$_ss:0$_st:1679668854486$ses_id:1679667053298%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQBVD94uqTXE8CmqtEb2tNBdCcGRxQuD5EIm2i6thbk%3D%22%2C%22_s%22%3A%22Rhtwd94j%22%2C%22c%22%3A%22RkhhRE5GOHhtV2thb0oyTA%3D%3DUGzGAEr7lkHwkIqXhkfqrs-whxqXbJ3UvjqC7WMz7SzHrMbWljB-6PHh7gsBQf2WQVwLVzzENzaid6fJc-wc28khCN_QnAYgEs0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AWavHWQAAAAAX3pZEE%2FjX8dinwAAX48G%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A10000%7D; _cls_v=f0f2fcac-5857-4e3f-87db-bc61a10ae063; _cls_s=e97eb424-8a15-4de4-a248-65a81c79c74e:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C16868145080992557580027289125498535595%7CMCAAMLH-1680271854%7C6%7CMCAAMB-1680271854%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1026669790%7CMCOPTOUT-1679674254s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.1329578291.1679667055; _ga=GA1.2.871814339.1679667056; _gid=GA1.2.2079939037.1679667056; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoiazFKVUpsa3N3OTBBMW9KaWM4SHpidz09IiwiZSI6Ik94VHZ3dmZYM2xqaXVBT25semtNVkZaWDdRN0J0Vm5yNEozY1ZJK1VCNVwvY3pKb1RWMU9yTlMxNzhjNExLUE1WNllqXC9IeXd6OGI2VWVKVTMxbXRSUXlnWFVmSkpFRVZcL0ZCWlpKNVJvc0FkOGgreG01ckhWQ3FKQko1eWlMZGpueXo5N0MzT2Z0Z3VQRlltYkNEWXVJdz09In0%3D.2629f9fe0c3d720f.YjkzNjFmMWI2MDA3YmM2YzIyMTllZDI4YTkyN2MzZTJjZTRkMTliODg2ZWFmNDZhMDhlY2RjY2RhYmY2ZmNlMQ%3D%3D; ADRUM_BTa=R:45|g:d948a580-da4f-4de0-b511-95a8f4730c77|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:45|i:206915|e:5|d:1; ndsid=ndsa008fzgi5y0buvlfmmebhn; _imp_di_pc_=AWavHWQAAAAAX3pZEE%2FjX8dinwAAX48G
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-allow-methods: OPTIONS, GET, POST
access-control-allow-origin: *
content-type: text/plain
content-length: 265
date: Fri, 24 Mar 2023 14:10:48 GMT
set-cookie: DCID=tQSS1iRR2DhwxxMhBq7RmroVRpVdcx67iJBMGv1KUrnEiR1hTATp54uKEoXNcW+g; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:46 GMT;Httponly; Secure
_abck=9F03ECED211DE88C57876F786E3D6536~-1~YAAQn0ISAk184w2HAQAAhC71EwmiWbCYrDboTodxRtui8teQ1mefARm87lkKNvkOcUc4P+voumjAAnjl/Ycawz3WwxAoE6g/4dRZPYoitr6KqAsmqS6X8d5C+B1EGnZGN+Svq8n4QxE50Fp2Gj+V8LLATIuqb4hAeoBv5k3ZjNclprhXwHzcpTBbvTdrQpCjBpWM59K6SouJbOAlA3zLa1Kq4q8cDf6JgQS6UVo38VPjOg4UcdWzWDpBJWhHO3+7ncUHdwHt8FgnDItwxu7Cw8KKAkvbq0wWUe5Epk8AEuP2Ca8m4eEA6INpDM1v4yVUaamCVStHdqA3WoVPa7ojuB4I1Kro69nFNPL4jL6eMZqnHdaePiyN213q82X6GJsBWw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 23 Mar 2024 14:10:48 GMT; Max-Age=31536000; Secure
bm_sz=8FE2AD448772FF08EC13D7E19AD6C6A6~YAAQn0ISAk584w2HAQAAhC71ExOzNFjR2Uk5neXKjKOldvI0kGxQd0ahlhiLQJDokk8j+wOPQwNH7B0Bby9g2YKGlK4cyRRGWYWlzJxQBeMiytuxwOni1VYhX1kcG+rcIRCGDca/wxzSOzxhoZFcC12JM+SViHLXCtsfwXU6erOkEehd7DHmFti6B9R25EhMxVXFqostYLcTuM79tWwVYfRoVhpJ1aHbwPcNNtdp8iTwjUna1F90fkh/NkgD6K+nlgCbz5SVNvzgXGIaE7MDdbdS40U0ck+R6qnyHzWXor2Kqj9QN9pX~4601922~3289650; Domain=.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 18:10:46 GMT; Max-Age=14398
strict-transport-security: max-age=31536000 ; includeSubDomains
connection: close
media-wellsfargo.nod-glb.nuance.com/media/launch/all_10006005.json?codeVersion=1675826440001
8.39.193.5 200 OK 140 kB URL HTTP/1.1 media-wellsfargo.nod-glb.nuance.com/media/launch/all_10006005.json?codeVersion=1675826440001
IP 8.39.193.5:0
ASN #54396 NUANCE-MOBILITY
File type Unicode text, UTF-8 text, with very long lines (327)
Size 140 kB (139553 bytes)
Hash 42d9cfcd8fecfb08e6df0ff0577b924d
d7b8515e4abb8b4036cdc0782c2f9f59420351ca
1d3e7fae701a8a4e1c84d35d46f14666854c4d511dc39eb34e4689671984977e
GET /media/launch/all_10006005.json?codeVersion=1675826440001 HTTP/1.1
Host: media-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tag-wellsfargo.nod-glb.nuance.com
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
ETag: "4PUkeO/0PgX"
Last-Modified: Wed, 08 Feb 2023 03:20:59 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 24 Mar 2023 14:10:47 GMT
media-wellsfargo.nod-glb.nuance.com/media/launch/tcFramework_jssdk.min.js?codeVersion=1675826440001
8.39.193.5 200 OK 136 kB URL HTTP/1.1 media-wellsfargo.nod-glb.nuance.com/media/launch/tcFramework_jssdk.min.js?codeVersion=1675826440001
IP 8.39.193.5:0
ASN #54396 NUANCE-MOBILITY
File type ASCII text, with very long lines (65536), with no line terminators
Size 136 kB (136175 bytes)
Hash 59e567c38c35acd8b88471a66cdc80a3
d0479127e1529468017258a6f4464d2ecdff445f
b166b99ff9c03efd887510e4aa8a8491e5bb9992da38c2af2c46b3cd3838448f
GET /media/launch/tcFramework_jssdk.min.js?codeVersion=1675826440001 HTTP/1.1
Host: media-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
ETag: "G5Y6vw0fr2n"
Last-Modified: Wed, 18 Jan 2023 03:50:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Transfer-Encoding: chunked
Date: Fri, 24 Mar 2023 14:10:48 GMT
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
23.36.79.34 200 OK 0 B URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP 23.36.79.34:0
ASN #20940 Akamai International B.V.
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"6410ff94-1854"
Last-Modified: Tue, 14 Mar 2023 23:13:24 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Fri, 24 Mar 2023 14:10:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A5ge9ROHAQAA4Urcvjns_ikkVJKUVVBmevuSDk2R_w2Alr8qLdy53iqj5DmkAVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|6a6d97738540a8ee334526da0deb59b4868e7381; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=cv2oCepYHWZNUPA+qjapifue%2fQtlMPycYFhHHtGMpKrA3fvmF8wut%2fkWr04hdj4b; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 24 Mar 2023 14:25:43 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
52.32.5.41 200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP 52.32.5.41:0
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webpa-landing-dzenai.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 24 Mar 2023 14:10:44 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2