{"report_id":"46974582-c9f8-409b-bf85-014ee38e7567","version":0,"status":"done","tags":["phishing"],"date":"2026-07-12T20:32:19Z","url":{"schema":"http","addr":"overlandtrombone.com/images/login/wells","fqdn":"overlandtrombone.com","domain":"overlandtrombone.com","tld":"com"},"ip":{"addr":"54.36.31.145","port":0,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"final":{"url":{"schema":"https","addr":"overlandtrombone.com/images/login/wells/","fqdn":"overlandtrombone.com","domain":"overlandtrombone.com","tld":"com"},"title":"Wells Fargo Login","dom":{"size":24755,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (8302)","md5":"27e40ebd5e0c845e1f734307f795d17d","sha1":"47db505b1076ee96a7496dc5cecf2d8e992d8885","sha256":"fff6fcf3729fe158ea31c9fe84c8706dd916c0a0379b66b26072f852dc569bfd","sha512":"76e485bf2a2d34ae11d5475bc5f98618ca35ec20be4926f5171eede3b10a0b37576ae9fe8048f72c7fde776be151e2294ff9741c9ff2694a22807a576b6c3f9e","ssdeep":"384:/4o8m1jSsoA+tGwJDJWTWCVES+tbCNYMaiJzdFNglqUivJ:/4o8Gjb4FDJlXCNYTiZd4UJR","tlshash":"c9b2f7670fd708053e07adb82beb5bd96a1d82539603dd48be9c5390cf9ab9445e238c","dom_hash":"domhashfce3f5c62b5e997065e5dd467c812d2e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"overlandtrombone.com/images/login/wells","fqdn":"overlandtrombone.com","domain":"overlandtrombone.com","tld":"com"},"ip":{"addr":"54.36.31.145","port":0,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-16T20:32:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"overlandtrombone.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"overlandtrombone.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null}]},"summary":[{"fqdn":"overlandtrombone.com","ip":{"addr":"54.36.31.145","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-07-11T12:25:52.012924Z","last_seen":"2026-07-11T12:25:52.012924Z","alert_count":9,"request_count":4,"received_data":26585,"sent_data":2121,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"www10.wellsfargomedia.com","ip":{"addr":"23.44.45.196","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"domain_registered":"2009-06-25","domain_rank":90632,"first_seen":"2017-01-30T08:35:44Z","last_seen":"2026-07-09T15:24:52.231693Z","alert_count":0,"request_count":1,"received_data":508167,"sent_data":593,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-07-05T22:41:50.352327Z","alert_count":0,"request_count":2,"received_data":254175,"sent_data":1112,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"overlandtrombone.com/images/login/wells/","fqdn":"overlandtrombone.com","domain":"overlandtrombone.com","tld":"com"},"ip":{"addr":"54.36.31.145","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"995fc436bd12d4a3bdef05f4d701eff2","sha1":"27638f4ee7fc3c0c4875bf3fa6fe394d07ec7f20","sha256":"a19d2e08fa43113504ad631320e696b79a9027d7937543e3999e4e7040b737a2","sha512":"051fd9ec012327626ba72bc8e36b43dd7f1e3502c7f6c74248762703ab891592d9dae8160932297e33754c7db1da2fec7556b729f9d84e1e4fb39f9b0d6966eb","ssdeep":"","tlshash":"d241f24a6ce704b42a577dfa47cb830c303480031506c8063e1cdb955f65e2a81f9bde","size":2403,"data":"","first_seen":"2026-07-11T16:15:23.117661Z","last_seen":"2026-07-12T20:32:20.534095Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"log","text":"Good evening","filename":"https://overlandtrombone.com/images/login/wells/","line_number":421,"column_number":19}]},"http":[{"url":{"schema":"https","addr":"overlandtrombone.com/images/login/wells/img/eye-password-show.svg","fqdn":"overlandtrombone.com","domain":"overlandtrombone.com","tld":"com"},"ip":{"addr":"54.36.31.145","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://overlandtrombone.com/images/login/wells/","date":"2026-07-12T20:31:52.815Z","timestamp":1783888312815,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"overlandtrombone.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 00:24:09 GMT","end":"Thu, 06 Aug 2026 00:24:08 GMT"},"fingerprint":{"sha1":"FA:1A:FC:D0:FC:A3:51:2E:DF:3C:8D:C5:1F:08:40:3C:66:22:62:81","sha256":"78:D9:F8:F0:71:B0:36:19:21:5B:3E:6C:8D:31:C1:A0:0D:9A:B8:5F:36:CC:2B:A7:E4:96:14:0F:4B:0F:7F:47"}}},"request":{"raw":"GET /images/login/wells/img/eye-password-show.svg HTTP/1.1\r\nHost: overlandtrombone.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://overlandtrombone.com/images/login/wells/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Sun, 12 Jul 2026 20:31:52 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 292\r\nserver: Apache\r\nlast-modified: Mon, 25 May 2026 10:40:10 GMT\r\naccept-ranges: bytes\r\ncache-control: max-age=900\r\nexpires: Sun, 12 Jul 2026 20:46:52 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":292,"size_decoded":566,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2924b23993b684a5f4afe531994b0159","sha1":"6176e554f0b0c53047e76e617038c031b866631d","sha256":"b7857fd9cb5cd8df669876d5804c44d9f811c3b04644aecbe2c36e35e5bd52de","sha512":"ccc0ea2d8336cc09f055e5e807b0590bea5206ef150b69bd04815423e2ad8df66ca7642f5ec8fe2509e65af09e09ce45886a09fbd3c1246dc8eb7f2f3061412c","ssdeep":"","tlshash":"6de0c216524dac2cbb098924c77e3133303a7162170f5b1ef46606355508a9bb4379ac","first_seen":"2026-07-11T16:15:23.107505Z","last_seen":"2026-07-12T20:32:20.514739Z","times_seen":2,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"overlandtrombone.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"overlandtrombone.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www10.wellsfargomedia.com/auth/static/images/COB-BOB-IRT-enroll_tractor.jpg","fqdn":"www10.wellsfargomedia.com","domain":"wellsfargomedia.com","tld":"com"},"ip":{"addr":"23.44.45.196","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://overlandtrombone.com/images/login/wells/","date":"2026-07-12T20:31:52.861Z","timestamp":1783888312861,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www10.wellsfargomedia.com","organization":""},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 07 Oct 2025 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"57:51:72:B8:FA:94:2B:FE:9F:B4:1F:BC:6B:6F:0E:D8:D1:1C:2A:63","sha256":"DF:16:89:32:0F:23:BD:46:7A:ED:B4:28:DB:28:F3:A2:7E:BF:A7:CA:C1:56:AF:96:23:16:D2:D5:07:D7:69:A2"}}},"request":{"raw":"GET /auth/static/images/COB-BOB-IRT-enroll_tractor.jpg HTTP/1.1\r\nHost: www10.wellsfargomedia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://overlandtrombone.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-methods: POST\r\nlast-modified: Tue, 16 Jun 2026 18:35:03 GMT\r\nx-frame-options: SAMEORIGIN\r\netag: \"6a272139-95bb8\"\r\ncontent-security-policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp\r\nserver: Akamai Image Manager\r\ncontent-length: 507606\r\ncontent-type: image/avif\r\ncache-control: private, no-transform, max-age=2592000\r\nexpires: Tue, 11 Aug 2026 20:31:52 GMT\r\ndate: Sun, 12 Jul 2026 20:31:52 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":507606,"size_decoded":508167,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"de43a1536491c2b7b1505128f240df20","sha1":"9cb414a9ef2b251983cbf2dfcc709de0b646dcda","sha256":"cf95f525624f4ebaad929b8c8a2579186115d7af34b5e006be771b2397fab3f3","sha512":"1f2e8ba341a0fcd3675d06d182e768354f0153618427e79779d73e60c8ce28c71791691fe67c9246363ab6816265e7ecdca6acafd27ef9ec9a3f79fb16b26d57","ssdeep":"12288:95Wa+OPA8nwSfyXSebQ74hs2Svz4CKaTf0Y34RtldK/bsY:9ka+OPjwEy6Sdi0afLIXssY","tlshash":"57b42324ee220b40d8b70c55293e453917ede7864ff34202cb9aad6694b1bf9cd07e5e","first_seen":"2026-07-11T16:15:23.110565Z","last_seen":"2026-07-12T20:32:20.516777Z","times_seen":2,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":0,"dns":17,"connect":1,"send":0,"wait":14,"receive":12,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://overlandtrombone.com/images/login/wells/","date":"2026-07-12T20:31:52.909Z","timestamp":1783888312909,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jul 2026 07:07:58 GMT","end":"Thu, 08 Oct 2026 08:07:45 GMT"},"fingerprint":{"sha1":"DF:66:97:F5:13:A2:C0:81:D3:5B:60:C4:B0:7F:CD:78:F5:91:14:D5","sha256":"3C:F2:95:73:83:BA:4D:D9:CC:85:8F:BC:7D:2C:22:CF:F3:49:9A:3A:E4:1D:FC:AE:CB:07:3D:66:89:74:0E:C5"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://overlandtrombone.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sun, 12 Jul 2026 20:31:52 GMT\r\ncontent-type: application/octet-stream; charset=utf-8\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\nlast-modified: Wed, 02 Aug 2023 21:01:56 GMT\r\nvary: Accept-Encoding\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/r2\r\nx-cdnjs-cache: HIT\r\ncf-cache-status: HIT\r\nage: 9004\r\nexpires: Fri, 02 Jul 2027 20:31:52 GMT\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TZPBMTaFttC8VayTiW2M2%2Bd6G8hklyb7pJAESyZhH5HDB7GjhRTTV37OJq6T80RdHoa1P0oEEKy2bTuvYFgzh%2Fs%2FWsmlA2e2CE9BxYoNk5DHjBpF97aY9p8IJAoW5yKiO8SGqykg\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\ncf-ray: a1a2d063bf08569a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":150020,"size_decoded":150986,"mime_type":"application/octet-stream; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 150020, version 772.1280","md5":"d5e647388e2415268b700d3df2e30a0d","sha1":"97f0942c6627ddd89fb62170e5cac9a2cbd6c98c","sha256":"886c86112a804ef1ddd1cb206af4c8c40e34b73c26652ca231404aa35a6b30d9","sha512":"50b2ffd7537d0424286936cb7ba566004a664f447e4aaac8fa40ceb2850ead6cdb39c957515ae05a07aaeb8f6e3e428c4b95e4efa3edcadc9473e9e200bb47d6","ssdeep":"3072:vPtxURbSTtDXSLXe0itudYTPEnus4blfNUqKrC7ZOBS9C3bzlLX4/NKOTD5:P15Die0UPblfNUqLZg9I/Qk5","tlshash":"03e312e8c98e8e24452e2b975b436d4cfca1c97d77bfba0e2b5401b94f1e0521b34a71","first_seen":"2023-08-04T22:28:10Z","last_seen":"2026-07-16T18:41:26.697568Z","times_seen":39468,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"overlandtrombone.com/favicon.ico","fqdn":"overlandtrombone.com","domain":"overlandtrombone.com","tld":"com"},"ip":{"addr":"54.36.31.145","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://overlandtrombone.com/images/login/wells/","date":"2026-07-12T20:31:52.939Z","timestamp":1783888312939,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"overlandtrombone.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 00:24:09 GMT","end":"Thu, 06 Aug 2026 00:24:08 GMT"},"fingerprint":{"sha1":"FA:1A:FC:D0:FC:A3:51:2E:DF:3C:8D:C5:1F:08:40:3C:66:22:62:81","sha256":"78:D9:F8:F0:71:B0:36:19:21:5B:3E:6C:8D:31:C1:A0:0D:9A:B8:5F:36:CC:2B:A7:E4:96:14:0F:4B:0F:7F:47"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: overlandtrombone.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://overlandtrombone.com/images/login/wells/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ndate: Sun, 12 Jul 2026 20:31:52 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\ncontent-length: 196\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":196,"size_decoded":350,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-07-16T18:39:33.582695Z","times_seen":107061,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"overlandtrombone.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"overlandtrombone.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"overlandtrombone.com/images/login/wells","fqdn":"overlandtrombone.com","domain":"overlandtrombone.com","tld":"com"},"ip":{"addr":"54.36.31.145","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-12T20:31:52.174Z","timestamp":1783888312174,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"overlandtrombone.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 00:24:09 GMT","end":"Thu, 06 Aug 2026 00:24:08 GMT"},"fingerprint":{"sha1":"FA:1A:FC:D0:FC:A3:51:2E:DF:3C:8D:C5:1F:08:40:3C:66:22:62:81","sha256":"78:D9:F8:F0:71:B0:36:19:21:5B:3E:6C:8D:31:C1:A0:0D:9A:B8:5F:36:CC:2B:A7:E4:96:14:0F:4B:0F:7F:47"}}},"request":{"raw":"GET /images/login/wells HTTP/1.1\r\nHost: overlandtrombone.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 \r\ndate: Sun, 12 Jul 2026 20:31:52 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\ncontent-length: 260\r\nserver: Apache\r\nlocation: https://overlandtrombone.com:443/images/login/wells/\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-16T18:40:23.893606Z","times_seen":17295235,"resource_available":true,"data":null}},"time_used":200,"timings":{"blocked":-1,"dns":109,"connect":20,"send":0,"wait":23,"receive":0,"ssl":47},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"overlandtrombone.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"overlandtrombone.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"overlandtrombone.com/images/login/wells/","fqdn":"overlandtrombone.com","domain":"overlandtrombone.com","tld":"com"},"ip":{"addr":"54.36.31.145","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-12T20:31:52.382Z","timestamp":1783888312382,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"overlandtrombone.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 00:24:09 GMT","end":"Thu, 06 Aug 2026 00:24:08 GMT"},"fingerprint":{"sha1":"FA:1A:FC:D0:FC:A3:51:2E:DF:3C:8D:C5:1F:08:40:3C:66:22:62:81","sha256":"78:D9:F8:F0:71:B0:36:19:21:5B:3E:6C:8D:31:C1:A0:0D:9A:B8:5F:36:CC:2B:A7:E4:96:14:0F:4B:0F:7F:47"}}},"request":{"raw":"GET /images/login/wells/ HTTP/1.1\r\nHost: overlandtrombone.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Sun, 12 Jul 2026 20:31:52 GMT\r\ncontent-type: text/html\r\ncontent-length: 8760\r\nserver: Apache\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":25247,"size_decoded":8964,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (8302), with CRLF line terminators","md5":"d40a2d2098387967548f4704a353c82f","sha1":"84484bc8eb0d8ee0c8e7d5ef317971217ec83391","sha256":"7d29ac0efbdeb8b2f4ea0bb8a341890670c154f9be37986a3224808d66c967c3","sha512":"cd68d58c6c92730f9a9ed7ef6b7d417d67a5fcd04993b0f6e75c8df10a2ac6aff93849184d30607609978491691e76fcf192c1eb34ff4d1973b2b9bdbe676b27","ssdeep":"384:dtmjsoA+tGwJDJWTWCWvSNUC+YlJMuz7RmgGRfVinP:dkS4FDJle+YLMa7fofEP","tlshash":"f4b2f9274bc518067a37abb46fe757d9fe0e42934303d144ba9c5381cfbaa1441b2b9c","first_seen":"2026-07-11T16:15:23.103677Z","last_seen":"2026-07-12T20:32:20.52942Z","times_seen":2,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"overlandtrombone.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"overlandtrombone.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://overlandtrombone.com/images/login/wells/","date":"2026-07-12T20:31:52.807Z","timestamp":1783888312807,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jul 2026 07:07:58 GMT","end":"Thu, 08 Oct 2026 08:07:45 GMT"},"fingerprint":{"sha1":"DF:66:97:F5:13:A2:C0:81:D3:5B:60:C4:B0:7F:CD:78:F5:91:14:D5","sha256":"3C:F2:95:73:83:BA:4D:D9:CC:85:8F:BC:7D:2C:22:CF:F3:49:9A:3A:E4:1D:FC:AE:CB:07:3D:66:89:74:0E:C5"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.4.2/css/all.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://overlandtrombone.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sun, 12 Jul 2026 20:31:52 GMT\r\ncontent-type: text/css; charset=utf-8\r\nserver: cloudflare\r\npriority: u=2,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\nlast-modified: Wed, 02 Aug 2023 21:01:56 GMT\r\nvary: Accept-Encoding\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/r2\r\nx-cdnjs-cache: HIT\r\ncf-cache-status: HIT\r\nage: 5426\r\nexpires: Fri, 02 Jul 2027 20:31:52 GMT\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0nW3EZSmTjmfL%2Fm2axXe2tmxdEdbfQyKT2oxHPQ3sxbKHinARt0LWVDGsjR%2Fz5ZlKWkLGtT2Ol4w5qFeQ6oEdlapECJlz4G9WSFYdkVzuM%2F6aC8REdt5aTRzElGQwiLQgCTKNwox\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\ncf-ray: a1a2d0632e3d569a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":102217,"size_decoded":19750,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (52276)","md5":"5222e06b77a1692fa2520a219840e6be","sha1":"8b4236206a8b86af3761a244277663046d7ff7ee","sha256":"0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5","sha512":"cf780ba5def29277f562835b0b3a9129ce2aca8afc81a294d6a9a7f824a1c5bb81bac00d23d42946884606b7821642b12e17a2e92f424171446db2aea8b8340c","ssdeep":"1536:0wMCMPMCMjMCM4MCMwMCM3sVMX709gbPMfjSFOTyPGuuprrlCq:M709gMGFiyPGuuprlCq","tlshash":"09a3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2023-08-04T22:28:10Z","last_seen":"2026-07-16T18:41:26.741715Z","times_seen":45542,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":3,"connect":12,"send":0,"wait":10,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
